Paulo Sousa

DepSky: dependable and secure storage in a cloud-of-clouds

The increasing popularity of cloud storage services has lead companies that handle critical data to think about using these services for their storage needs. Medical record databases, power system historical information and financial data are some examples of critical data that could be moved to the cloud. However, the reliability and security of data stored in the cloud still remain major concerns. In this paper we present DEPSKY, a system that improves the availability, integrity and confidentiality of information stored in the cloud through the encryption, encoding and replication of the data on diverse clouds that form a cloud-of-clouds. We deployed our system using four commercial clouds and used PlanetLab to run clients accessing the service from different countries. We observed that our protocols improved the perceived availability and, in most cases, the access latency when compared with cloud providers individually. Moreover, the monetary costs of using DEPSKY on this scenario is twice the cost of using a single cloud, which is optimal and seems to be a reasonable cost, given the benefits.

DepSky: Dependable and Secure Storage in a Cloud-of-Clouds

The increasing popularity of cloud storage services has lead companies that handle critical data to think about using these services for their storage needs. Medical record databases, large biomedical datasets, historical information about power systems and financial data are some examples of critical data that could be moved to the cloud. However, the reliability and security of data stored in the cloud still remain major concerns. In this work we present DepSky, a system that improves the availability, integrity, and confidentiality of information stored in the cloud through the encryption, encoding, and replication of the data on diverse clouds that form a cloud-of-clouds. We deployed our system using four commercial clouds and used PlanetLab to run clients accessing the service from different countries. We observed that our protocols improved the perceived availability, and in most cases, the access latency, when compared with cloud providers individually. Moreover, the monetary costs of using DepSky in this scenario is at most twice the cost of using a single cloud, which is optimal and seems to be a reasonable cost, given the benefits.

How resilient are distributed f fault/intrusion-tolerant systems?

Fault-tolerant protocols, asynchronous and synchronous alike, make stationary fault assumptions: only a fraction f of the total n nodes may fail. Whilst a synchronous protocol is expected to have a bounded execution time, an asynchronous one may execute for an arbitrary amount of time, possibly sufficient for f+1 nodes to fail. This can compromise the safety of the protocol and ultimately the safety of the system. Recent papers propose asynchronous protocols that can tolerate any number of faults over the lifetime of the system, provided that at most f nodes become faulty during a given interval. This is achieved through the so-called proactive recovery, which consists of periodically rejuvenating the system. Proactive recovery in asynchronous systems, though a major breakthrough, has some limitations which had not been identified before. In this paper, we introduce a system model expressive enough to represent these problems which remained in oblivion with the classical models. We introduce the predicate exhaustion-safe, meaning freedom from exhaustion-failures. Based on it, we predict the extent to which fault/intrusion-tolerant distributed systems (synchronous and asynchronous) can be made to work correctly. Namely, our model predicts the impossibility of guaranteeing correct behavior of asynchronous proactive recovery systems as exist today. To prove our point, we give an example of how these problems impact an existing fault/intrusion-tolerant distributed system, the CODEX system, and having identified the problem, we suggest one (certainly not the only) way to tackle it.

Resilient state machine replication

Nowadays, one of the major concerns about the services provided over the Internet is related to their availability. Replication is a well known way to increase the availability of a service. However, replication has some associated costs, namely it is necessary to guarantee a correct coordination among the replicas. Moreover, being the Internet such an unpredictable and insecure environment, coordination correctness should be tolerant to Byzantine faults and immune to timing failures. Several past works address agreement and replication techniques that tolerate Byzantine faults under the asynchronous model, but they all make the assumption that the number of faulty replicas is bounded and known. Assuming a maximum number of f faulty replicas under the asynchronous model is dangerous - there is no way of guaranteeing that no more than f faults will occur during the execution of the system. In this paper, we describe a resilient f fault/intrusion-tolerant state machine replication system, which guarantees that no more than f faults ever occur. The system is asynchronous in its most part and it resorts to a synchronous oracle to periodically remove the effects of faults/attacks from the replicas.

Risk-adjustment model in health outcomes evaluation: a contribution to strengthen assessment towards quality improvement in interventional cardiology

OBJECTIVE The aim of this study was to develop a risk adjustment model for major adverse cardiac and cerebrovascular events following percutaneous coronary intervention (PCI), using data from a national registry, and to highlight the use of the risk adjustment when we evaluate the quality of care in interventional cardiology. DESIGN The STUDY DESIGN was based on a Coorte study. Bivariate and multivariate logistic regression models were used to identify independent risk factors for these major adverse events. SETTING A total of 19 hospitals from the Portuguese National Registry of Interventional Cardiology. PARTICIPANTS Data from 10.641 consecutives procedures collected between June 30, 2003 and June 30, 2006. INTERVENTION Build a risk adjustment model for these major adverse events, following percutaneous coronary intervention. MAIN OUTCOME MEASURE Factors that were associated with major adverse cardiac and cerebrovascular events following percutaneous coronary intervention. RESULTS The rate of in-hospital major adverse cardiac and cerebrovascular events was 1.9%. Factors associated with major adverse cardiac and cerebrovascular events included, among others: age >80 years (adjusted odds ratio = 3.91); female gender (1.72); and cardiogenic shock (6.05). Overall, a good discrimination was achieved with receiver operating characteristics curve = 0.84 and Hosmer-Lemeshow goodness of fit statistic across groups of risk was not significant (P = 0.18) indicating little departure from a perfect fit. CONCLUSIONS These findings will represent an important contribution to quality and safety improvement and should help driving new research and innovative approaches to different subgroups of patients who have higher chances of having an adverse event or poorer outcomes following this intervention.

FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery

The goal of the FOREVER project is to develop a service for Fault/intrusiOn REmoVal through Evolution & Recovery. In order to achieve this goal, our work addresses three main tasks: the definition of the FOREVER service architecture; the analysis of how diversity techniques can improve resilience; and the evaluation of the FOREVER service. The FOREVER service is an important contribution to intrustion-tolerant replication middleware and significantly enhances the resilience.

RAVE: Replicated antivirus engine

Antivirus is a fundamental presence in every computer infrastructure nowadays. The exponential growth of Internet usage with increasing higher bandwidth led to situations where virus (as well as worms and other type of malicious content) had constant outbreaks with impressive amounts of infected computers across the entire world. Email has been the preferred choice for several of these malicious content outbreaks. This paper describes the design, implementation, and evaluation of RAVE, a Replicated AntiVirus Engine for email infrastructures. Based on fault/intrusion tolerance concepts, this system allows to increase the detection capability of anti-malware solutions for email infrastructures by having different engines working in parallel, allowing at the same time arbitrary faults in a predefined number of replicas.

Letter to the Editor: The Concept of Dignity in Non-institutionalized Elderly People Cared for in Primary Health Care: A Preliminary Empirical Model

Dignidade é definida como “a qualidade ou estado de ter valor, ser honrado ou estimado”,1 sendo um conceito complexo e abusivamente utilizado na sociedade, particularmente no âmbito da Medicina.2 Estudos anteriores realizados em grupos sociais vulneráveis clarificaram o seu significado, criando modelos mais inteligíveis.3,4 Em Portugal, e até à data, nenhuma investigação olhou para o conceito de dignidade na perspetiva de idosos não institucionalizados, seguidos em cuidados de saúde primários. Nesse sentido, desenvolvemos um estudo transversal qualitativo, recorrendo a entrevistas semiestruturadas a uma amostra de 30 idosos não institucionalizados utilizadores de uma consulta de medicina geral e familiar com o objetivo de compreender a sua perspetiva sobre o conceito de dignidade, construindo posteriormente um modelo empírico preliminar de dignidade. Critérios de inclusão: idade ≥ 65 anos; não estar institucionalizado; utilizadores de consulta de medicina geral e familiar; capacidade de ler e escrever português; dar consentimento informado; Mini Mental Scale Examination ≥ 20. Dos participantes, 53% eram mulheres, com idade média de 74 anos (desvio padrão: 5,7; mín. 65, máx. 93), 73% casados, 53% com quatro anos de escolaridade e 100% reformados. Foram obtidas as autorizações éticas e de proteção de dados. Foi realizada uma análise de conteúdo com recurso a técnicas de processamento de linguagem natural e Latent Dirichlet Allocation da qual resultou um modelo de dignidade formado por três categorias principais: Social; Autonomia; Integridade. Cada categoria inclui temas que dizem respeito a áreas que reforçam ou ameaçam o sentido de dignidade (Tabela 1). O Modelo de Dignidade preliminar apresentado encontra pontos similares com outros modelos de dignidade,3,4 nomeadamente na dignidade intrínseca (categoria Integridade) e contingente/relacional (categorias Social e Autonomia), reforçando a dignidade como um valor inerente a cada ser humano com características universais apesar do contexto, do tempo e do espaço em que é avaliado. O conhecimento do atual modelo poderá ser útil aos profissionais envolvidos nos cuidados a idosos, assim como aos decisores político-sociais, no melhoramento de ações face aos cuidados prestados a esta população, indo ao encontro das recomendações da Organização Mundial de Saúde para um envelhecimento que tenha em conta um sistema compreensivo que dê importância ao valor da vida e a sua vivência digna.5 Esta investigação representa apenas um interesse inicial acerca do relevante tema da dignidade em idosos. Assim, consideramos que devem ser desenvolvidos estudos futuros numa amostra portuguesa representativa por forma a corrigir as limitações da investigação atual e a compreender melhor o conceito de dignidade.