Computer-aided operation planning and 3-dimensional osteotomy guidance for alveolar distraction

Objectives: In alveolar distraction, in cases of severe atrophy in particular, it is often difficult to perform osteotomies in order to make a transport segment in optimal size and shape. Moreover care must be taken, not to damage the closely locating anato- mical structures such as the maxillary sinus, the inferior alveolar nerve, and the roots of the neighboring teeth. For setting ideal osteotomy lines exactly, we have developed a CT-based preoperative planning tool. Methods: 3-dimensional visual reconstruction of the jaw is created from the preoperative CT scans (1.0-mm slice thick- ness). Using the image-processing software Mimics (Materialise, Yokohama, Japan), various procedures of virtual cutting are simulated first to determine optimal osteotomy lines and to design an ideal transport segment. After the computer planning, data from the virtual solid model are transferred to a rapid prototype model, and a guiding splint is made to transfer the planned surgical simulation to the actual surgery. Results: The method was used in a case of severe atrophy of the anterior maxilla. The patient had a large maxillary sinus requir- ing a precise osteotomy in this critical area. Using the splint allowing a 3-dimensional guidance, alveolar osteotomies were easily done to achieve a transport segment in sufficient dimen- sion as planned, and any perforation of the maxillary sinus could be avoided. Finally the alveolar distraction of 10mm has suc- cessfully been performed. Conclusion: The preoperative planning method and the guiding splint described here are useful in problematic cases requiring an extremely precise osteotomy due to lack of bony space.

A FIREWALL MODEL OF FILE SYSTEM SECURITY

File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.

High-resolution computer simulations of EKC

The electrophoresis simulation software, GENTRANS, has been modified to include the interaction of analytes with an electrolyte additive to allow the simulation of liquid-phase EKC separations. The modifications account for interaction of weak and strong acid and base analytes with a single weak or strong acid or base background electrolyte additive and can be used to simulate a range of EKC separations with both charged and neutral additives. Simulations of separations of alkylphenyl ketones under real experimental conditions were performed using mobility and interaction constant data obtained from the literature and agreed well with experimental separations. Migration times in fused-silica capillaries and linear polyacrylamide-coated capillaries were within 7% of the experimental values, while peak widths were always narrower than the experimental values, but were still within 50% of those obtained by experiment. Simulations of sweeping were also performed; although migration time agreement was not as good as for simple EKC separations, peak widths were in good agreement, being within 1-50% of the experimental values. All simulations for comparison with experimental data were performed under real experimental conditions using a 47 cm capillary and a voltage of 20 kV and represent the first quantitative attempt at simulating EKC separations with and without sweeping.