82 research outputs found
Security-by-construction in web applications development via database annotations
Huge amounts of data and personal information are being sent to and retrieved from web applications on a daily basis. Every application has its own confidentiality and integrity policies. Violating these policies can have a broad negative impact on the involved company's financial status, while enforcing them is very hard even for developers with a good security background. In this paper, we propose a framework that enforces security-by-construction in web applications. Minimal developer effort is required, in the sense that the developer only needs to annotate database attributes with a security class. The web application code is then converted into an intermediary representation, called Extended Program Dependence Graph (EPDG). Using the EPDG, the provided annotations are propagated to the application code and run against generic security enforcement rules that were carefully designed to detect insecure information flows as early as they occur. As a result, any violation in the data's confidentiality or integrity policies is reported. As a proof of concept, two PHP web applications, Hotel Reservation and Auction, were used for testing and validation. The proposed system was able to catch all the existing insecure information flows at their source. Apart from the proof of concept and to comprehensively test the performance of our system, we compared it to JLift, a state-of-the-art type-based system approach to detect information leaks. Both approaches were run against custom-made PHP web applications and publicly available applications downloaded from SourceForge and GitHub. The results show that our approach outperforms JLift in terms of accuracy and the number of false alarms, and is able to catch the insecure flows at their source when they first occurred. © 2016 Elsevier Ltd. All rights reserved.
Am J Hum Genet
Escobar syndrome is a form of arthrogryposis multiplex congenita and features joint contractures, pterygia, and respiratory distress. Similar findings occur in newborns exposed to nicotinergic acetylcholine receptor (AChR) antibodies from myasthenic mothers. We performed linkage studies in families with Escobar syndrome and identified eight mutations within the γ-subunit gene (CHRNG) of the AChR. Our functional studies show that γ-subunit mutations prevent the correct localization of the fetal AChR in human embryonic kidney–cell membranes and that the expression pattern in prenatal mice corresponds to the human clinical phenotype. AChRs have five subunits. Two α, one β, and one δ subunit are always present. By switching γ to ϵ subunits in late fetal development, fetal AChRs are gradually replaced by adult AChRs. Fetal and adult AChRs are essential for neuromuscular signal transduction. In addition, the fetal AChRs seem to be the guide for the primary encounter of axon and muscle. Because of this important function in organogenesis, human mutations in the γ subunit were thought to be lethal, as they are in γ-knockout mice. In contrast, many mutations in other subunits have been found to be viable but cause postnatally persisting or beginning myasthenic syndromes. We conclude that Escobar syndrome is an inherited fetal myasthenic disease that also affects neuromuscular organogenesis. Because γ expression is restricted to early development, patients have no myasthenic symptoms later in life. This is the major difference from mutations in the other AChR subunits and the striking parallel to the symptoms found in neonates with arthrogryposis when maternal AChR auto-antibodies crossed the placenta and caused the transient inactivation of the AChR pathway
Web-Based, Participant-Driven Studies Yield Novel Genetic Associations for Common Traits
Despite the recent rapid growth in genome-wide data, much of human variation remains entirely unexplained. A significant challenge in the pursuit of the genetic basis for variation in common human traits is the efficient, coordinated collection of genotype and phenotype data. We have developed a novel research framework that facilitates the parallel study of a wide assortment of traits within a single cohort. The approach takes advantage of the interactivity of the Web both to gather data and to present genetic information to research participants, while taking care to correct for the population structure inherent to this study design. Here we report initial results from a participant-driven study of 22 traits. Replications of associations (in the genes OCA2, HERC2, SLC45A2, SLC24A4, IRF4, TYR, TYRP1, ASIP, and MC1R) for hair color, eye color, and freckling validate the Web-based, self-reporting paradigm. The identification of novel associations for hair morphology (rs17646946, near TCHH; rs7349332, near WNT10A; and rs1556547, near OFCC1), freckling (rs2153271, in BNC2), the ability to smell the methanethiol produced after eating asparagus (rs4481887, near OR2M7), and photic sneeze reflex (rs10427255, near ZEB2, and rs11856995, near NR2F2) illustrates the power of the approach
The biology and genetics of curly hair
Hair fibres show wide diversity across and within all human populations, suggesting that hair fibre form and colour have been subject to much adaptive pressure over thousands of years. All human hair fibres typically have the same basic structure. However, the three-dimensional shape of the entire fibre varies considerably depending on ethnicity and geography, with examples from very straight hair with no rotational turn about the long axis, to the tightly sprung coils of African races. The creation of the highly complex biomaterials in hair follicle and how these confer mechanical functions on the fibre so formed is a topic that remains relatively unexplained thus far. We review the current understanding on how hair fibres are formed into a nonlinear coiled form and which genetic and biological factors are thought to be responsible for hair shape. We report on a new GWAS comparing low and high curl individuals in South Africa, revealing strong links to polymorphic variation in trichohyalin, a copper transporter protein CUTC and the inner root sheath component keratin 74. This builds onto the growing knowledge base describing the control of curly hair formation. Unilever R&
Genetic prediction of male pattern baldness
Male pattern baldness can have substantial psychosocial effects, and it has been phenotypically linked to adverse health outcomes such as prostate cancer and cardiovascular disease. We explored the genetic architecture of the trait using data from over 52,000 male participants of UK Biobank, aged 40-69 years. We identified over 250 independent genetic loci associated with severe hair loss (P < 5×10⁻⁸). By splitting the cohort into a discovery sample of 40,000 and target sample of 12,000, we developed a prediction algorithm based entirely on common genetic variants that discriminated (AUC = 0.78, sensitivity = 0.74, specificity = 0.69, PPV = 59%, NPV = 82%) those with no hair loss from those with severe hair loss. The results of this study might help identify those at greatest risk of hair loss, and also potential genetic targets for intervention
Mitigating information leakage in web applications at the deployment level
Thesis (M.S.)--American University of Beirut, Department of Computer Science, 2012. Advisor: Dr. Wassim El Hajj, Assistant Professor, Computer Science. Committee Members: Dr. Haidar Safa, Associate Professor, Computer Science; Dr. Hazem Hajj, Assistant Professor, Electrical Engineering. Includes bibliographical references (leaves 64-67). Huge amounts of data and personal information are being sent to and retrieved from web applications on a daily basis. Every application has its own confidentiality and integrity policies. Violating these policies can have a broad negative impact on the involved company’s financial status and enforcing them is very hard even for developers with a good security background. In this thesis, we propose a framework to enforce confidentiality and integrity policies in web applications. The proposed framework uses static techniques to enforce security-by-construction. It takes as input web application code and produces a report pinpointing the exact locations where the application’s confidentiality policies were violated. It uses an innovative idea which includes annotations at the database level and requires minimal effort from the developer. The framework includes the following steps: (1) annotating the attributes in the database tables with four security levels, (2) constructing the Program Dependence Graph (PDG) of the application, (3) extending the PDG to incorporate the database annotations producing an extended PDG (E-PDG), (4) designing and creating rules for the E-PDG to indicate insecure information flows, (5) traversing the E-PDG searching for any violations of the created rules, and (6) finally reporting the line numbers that caused the insecure flows. For testing, we compared our approach with JLift, a state-of-the-art type-based system approach to detect information leaks. Both approaches were run against custom-made PHP web applications and publicly available applications downloaded from sourceforge.net. The results show that our approach performs better than JLift in terms of accuracy and false alarms
Case report of Schöpf-Schulz-Passarge syndrome resulting from a missense mutation, p.Arg104Cys, in WNT10A
Two families confirm Schöpf-Schulz-Passarge syndrome as a discrete entity within the WNT10A phenotypic spectrum
