The Experts below are selected from a list of 7809 Experts worldwide ranked by ideXlab platform
Zhichang Qi - One of the best experts on this subject based on the ideXlab platform.
-
Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
SSIRI - Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
Active Monitoring for Control Systems under Anticipatory Semantics
2010 10th International Conference on Quality Software, 2010Co-Authors: Changzhi Zhao, Wei Dong, Zhichang QiAbstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the faultlessness of deployed systems. Therefore, runtime verification has been developed to continuously monitor the running system. Typically, runtime verification can detect property violations but cannot predict them, and consequently cannot prevent the failures from occurring. To remedy this weakness, Active Monitoring is proposed in this paper. Its purpose is not repairing the faults after failures have occurred, but predicting the possible faults in advance and triggering the necessary steering actions to prevent the software from violating the property. Anticipatory semantics of linear temporal logic is adopted in monitor construction here, and the information of system model is used for successful steering and prevention. The prediction and prevention will form a closed-loop feedback based on control theory. The approach can be regarded as an effective complement of traditional testing and verification techniques.
-
QSIC - Active Monitoring for Control Systems under Anticipatory Semantics
2010 10th International Conference on Quality Software, 2010Co-Authors: Changzhi Zhao, Wei Dong, Zhichang QiAbstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the faultlessness of deployed systems. Therefore, runtime verification has been developed to continuously monitor the running system. Typically, runtime verification can detect property violations but cannot predict them, and consequently cannot prevent the failures from occurring. To remedy this weakness, Active Monitoring is proposed in this paper. Its purpose is not repairing the faults after failures have occurred, but predicting the possible faults in advance and triggering the necessary steering actions to prevent the software from violating the property. Anticipatory semantics of linear temporal logic is adopted in monitor construction here, and the information of system model is used for successful steering and prevention. The prediction and prevention will form a closed-loop feedback based on control theory. The approach can be regarded as an effective complement of traditional testing and verification techniques.
Changzhi Zhao - One of the best experts on this subject based on the ideXlab platform.
-
Anticipatory Active Monitoring for safety- and security-critical software
Science in China Series F: Information Sciences, 2012Co-Authors: Wei Dong, Changzhi Zhao, Martin LeuckerAbstract:Since formal verification and testing of systems is normally faced with challenges such as state explosion and uncertain execution environments, it is extremely difficult to exhaustively verify and test software during the development phase. Therefore, Monitoring has become an indispensable means for finding latent software faults at runtime. Most current Monitoring approaches only generate passive monitors, which cannot foresee possible faults and consequently cannot prevent their occurrence. In this paper, we propose an Active Monitoring approach based on runtime verification. This approach aims to predict possible incoming violations using a monitor that executes anticipatory semantics of temporal logic, and then generates the necessary steering actions according to a partial system model, which steers the system away from paths causing these violations. In this case, the monitor and monitored system make up a discrete feedback control loop. We further investigate the control theory behind Active Monitoring so that non-blocking controllability can be achieved. The results of applying Active Monitoring to two cases, a railway crossing control system and security-enhanced Linux (SELinux), show that the method can effectively ensure both safety and security properties at runtime.
-
Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
SSIRI - Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
Active Monitoring for Control Systems under Anticipatory Semantics
2010 10th International Conference on Quality Software, 2010Co-Authors: Changzhi Zhao, Wei Dong, Zhichang QiAbstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the faultlessness of deployed systems. Therefore, runtime verification has been developed to continuously monitor the running system. Typically, runtime verification can detect property violations but cannot predict them, and consequently cannot prevent the failures from occurring. To remedy this weakness, Active Monitoring is proposed in this paper. Its purpose is not repairing the faults after failures have occurred, but predicting the possible faults in advance and triggering the necessary steering actions to prevent the software from violating the property. Anticipatory semantics of linear temporal logic is adopted in monitor construction here, and the information of system model is used for successful steering and prevention. The prediction and prevention will form a closed-loop feedback based on control theory. The approach can be regarded as an effective complement of traditional testing and verification techniques.
-
QSIC - Active Monitoring for Control Systems under Anticipatory Semantics
2010 10th International Conference on Quality Software, 2010Co-Authors: Changzhi Zhao, Wei Dong, Zhichang QiAbstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the faultlessness of deployed systems. Therefore, runtime verification has been developed to continuously monitor the running system. Typically, runtime verification can detect property violations but cannot predict them, and consequently cannot prevent the failures from occurring. To remedy this weakness, Active Monitoring is proposed in this paper. Its purpose is not repairing the faults after failures have occurred, but predicting the possible faults in advance and triggering the necessary steering actions to prevent the software from violating the property. Anticipatory semantics of linear temporal logic is adopted in monitor construction here, and the information of system model is used for successful steering and prevention. The prediction and prevention will form a closed-loop feedback based on control theory. The approach can be regarded as an effective complement of traditional testing and verification techniques.
Wei Dong - One of the best experts on this subject based on the ideXlab platform.
-
Anticipatory Active Monitoring for safety- and security-critical software
Science in China Series F: Information Sciences, 2012Co-Authors: Wei Dong, Changzhi Zhao, Martin LeuckerAbstract:Since formal verification and testing of systems is normally faced with challenges such as state explosion and uncertain execution environments, it is extremely difficult to exhaustively verify and test software during the development phase. Therefore, Monitoring has become an indispensable means for finding latent software faults at runtime. Most current Monitoring approaches only generate passive monitors, which cannot foresee possible faults and consequently cannot prevent their occurrence. In this paper, we propose an Active Monitoring approach based on runtime verification. This approach aims to predict possible incoming violations using a monitor that executes anticipatory semantics of temporal logic, and then generates the necessary steering actions according to a partial system model, which steers the system away from paths causing these violations. In this case, the monitor and monitored system make up a discrete feedback control loop. We further investigate the control theory behind Active Monitoring so that non-blocking controllability can be achieved. The results of applying Active Monitoring to two cases, a railway crossing control system and security-enhanced Linux (SELinux), show that the method can effectively ensure both safety and security properties at runtime.
-
Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
SSIRI - Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
Active Monitoring for Control Systems under Anticipatory Semantics
2010 10th International Conference on Quality Software, 2010Co-Authors: Changzhi Zhao, Wei Dong, Zhichang QiAbstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the faultlessness of deployed systems. Therefore, runtime verification has been developed to continuously monitor the running system. Typically, runtime verification can detect property violations but cannot predict them, and consequently cannot prevent the failures from occurring. To remedy this weakness, Active Monitoring is proposed in this paper. Its purpose is not repairing the faults after failures have occurred, but predicting the possible faults in advance and triggering the necessary steering actions to prevent the software from violating the property. Anticipatory semantics of linear temporal logic is adopted in monitor construction here, and the information of system model is used for successful steering and prevention. The prediction and prevention will form a closed-loop feedback based on control theory. The approach can be regarded as an effective complement of traditional testing and verification techniques.
-
QSIC - Active Monitoring for Control Systems under Anticipatory Semantics
2010 10th International Conference on Quality Software, 2010Co-Authors: Changzhi Zhao, Wei Dong, Zhichang QiAbstract:As the increment of software complexity, traditional software analysis, verification and testing techniques can not fully guarantee the faultlessness of deployed systems. Therefore, runtime verification has been developed to continuously monitor the running system. Typically, runtime verification can detect property violations but cannot predict them, and consequently cannot prevent the failures from occurring. To remedy this weakness, Active Monitoring is proposed in this paper. Its purpose is not repairing the faults after failures have occurred, but predicting the possible faults in advance and triggering the necessary steering actions to prevent the software from violating the property. Anticipatory semantics of linear temporal logic is adopted in monitor construction here, and the information of system model is used for successful steering and prevention. The prediction and prevention will form a closed-loop feedback based on control theory. The approach can be regarded as an effective complement of traditional testing and verification techniques.
Martin Leucker - One of the best experts on this subject based on the ideXlab platform.
-
Anticipatory Active Monitoring for safety- and security-critical software
Science in China Series F: Information Sciences, 2012Co-Authors: Wei Dong, Changzhi Zhao, Martin LeuckerAbstract:Since formal verification and testing of systems is normally faced with challenges such as state explosion and uncertain execution environments, it is extremely difficult to exhaustively verify and test software during the development phase. Therefore, Monitoring has become an indispensable means for finding latent software faults at runtime. Most current Monitoring approaches only generate passive monitors, which cannot foresee possible faults and consequently cannot prevent their occurrence. In this paper, we propose an Active Monitoring approach based on runtime verification. This approach aims to predict possible incoming violations using a monitor that executes anticipatory semantics of temporal logic, and then generates the necessary steering actions according to a partial system model, which steers the system away from paths causing these violations. In this case, the monitor and monitored system make up a discrete feedback control loop. We further investigate the control theory behind Active Monitoring so that non-blocking controllability can be achieved. The results of applying Active Monitoring to two cases, a railway crossing control system and security-enhanced Linux (SELinux), show that the method can effectively ensure both safety and security properties at runtime.
-
Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
-
SSIRI - Security Goals Assurance Based on Software Active Monitoring
2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, 2011Co-Authors: Changzhi Zhao, Wei Dong, Martin Leucker, Zhichang QiAbstract:Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors is lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected and how to apply these actions in time based on software Active Monitoring technique. The symbolic security information flow model of SElinux is generated from a formalization of the access control mechanism which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL) which provides clear description of the objectives desired by applications. Anticipatory monitor is generated from LTL formula automatically. We consider an on-line scheme where after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of next security relevant event. Thus, a closed-loop system is generated that all behavior sequences will satisfy the security goals.
Jenny L Donovan - One of the best experts on this subject based on the ideXlab platform.
-
Active Monitoring, radical prostatectomy and radical radiotherapy in PSA-detected clinically localised prostate cancer: the ProtecT three-arm RCT.
Health technology assessment (Winchester England), 2020Co-Authors: Freddie C Hamdy, Sian Noble, Kirsty Garfield, J. Athene Lane, Chris Metcalfe, Jenny L Donovan, Malcolm Mason, Peter Holding, Julia Wade, Grace YoungAbstract:Prostate cancer is the most common cancer among men in the UK. Prostate-specific antigen testing followed by biopsy leads to overdetection, overtreatment as well as undertreatment of the disease. Evidence of treatment effectiveness has lacked because of the paucity of randomised controlled trials comparing conventional treatments. To evaluate the effectiveness of conventional treatments for localised prostate cancer (Active Monitoring, radical prostatectomy and radical radiotherapy) in men aged 50-69 years. A prospective, multicentre prostate-specific antigen testing programme followed by a randomised trial of treatment, with a comprehensive cohort follow-up. Prostate-specific antigen testing in primary care and treatment in nine urology departments in the UK. Between 2001 and 2009, 228,966 men aged 50-69 years received an invitation to attend an appointment for information about the Prostate testing for cancer and Treatment (ProtecT) study and a prostate-specific antigen test; 82,429 men were tested, 2664 were diagnosed with localised prostate cancer, 1643 agreed to randomisation to Active Monitoring (n = 545), radical prostatectomy (n = 553) or radical radiotherapy (n = 545) and 997 chose a treatment. The interventions were Active Monitoring, radical prostatectomy and radical radiotherapy. Definite or probable disease-specific mortality at the 10-year median follow-up in randomised participants. Overall mortality, metastases, disease progression, treatment complications, resource utilisation and patient-reported outcomes. There were no statistically significant differences between the groups for 17 prostate cancer-specific (p = 0.48) and 169 all-cause (p = 0.87) deaths. Eight men died of prostate cancer in the Active Monitoring group (1.5 per 1000 person-years, 95% confidence interval 0.7 to 3.0); five died of prostate cancer in the radical prostatectomy group (0.9 per 1000 person-years, 95% confidence interval 0.4 to 2.2 per 1000 person years) and four died of prostate cancer in the radical radiotherapy group (0.7 per 1000 person-years, 95% confidence interval 0.3 to 2.0 per 1000 person years). More men developed metastases in the Active Monitoring group than in the radical prostatectomy and radical radiotherapy groups: Active Monitoring, n = 33 (6.3 per 1000 person-years, 95% confidence interval 4.5 to 8.8); radical prostatectomy, n = 13 (2.4 per 1000 person-years, 95% confidence interval 1.4 to 4.2 per 1000 person years); and radical radiotherapy, n = 16 (3.0 per 1000 person-years, 95% confidence interval 1.9 to 4.9 per 1000 person-years; p = 0.004). There were higher rates of disease progression in the Active Monitoring group than in the radical prostatectomy and radical radiotherapy groups: Active Monitoring (n = 112; 22.9 per 1000 person-years, 95% confidence interval 19.0 to 27.5 per 1000 person years); radical prostatectomy (n = 46; 8.9 per 1000 person-years, 95% confidence interval 6.7 to 11.9 per 1000 person-years); and radical radiotherapy (n = 46; 9.0 per 1000 person-years, 95% confidence interval 6.7 to 12.0 per 1000 person years; p < 0.001). Radical prostatectomy had the greatest impact on sexual function/urinary continence and remained worse than radical radiotherapy and Active Monitoring. Radical radiotherapy's impact on sexual function was greatest at 6 months, but recovered somewhat in the majority of participants. Sexual and urinary function gradually declined in the Active Monitoring group. Bowel function was worse with radical radiotherapy at 6 months, but it recovered with the exception of bloody stools. Urinary voiding and nocturia worsened in the radical radiotherapy group at 6 months but recovered. Condition-specific quality-of-life effects mirrored functional changes. No differences in anxiety/depression or generic or cancer-related quality of life were found. At the National Institute for Health and Care Excellence threshold of £20,000 per quality-adjusted life-year, the probabilities that each arm was the most cost-effective option were 58% (radical radiotherapy), 32% (Active Monitoring) and 10% (radical prostatectomy). A single prostate-specific antigen test and transrectal ultrasound biopsies were used. There were very few non-white men in the trial. The majority of men had low- and intermediate-risk disease. Longer follow-up is needed. At a median follow-up point of 10 years, prostate cancer-specific mortality was low, irrespective of the assigned treatment. Radical prostatectomy and radical radiotherapy reduced disease progression and metastases, but with side effects. Further work is needed to follow up participants at a median of 15 years. Current Controlled Trials ISRCTN20141297. This project was funded by the National Institute for Health Research Health Technology Assessment programme and will be published in full in Health Technology Assessment; Vol. 24, No. 37. See the National Institute for Health Research Journals Library website for further project information.
-
Development, validation and evaluation of an instrument for Active Monitoring of men with clinically localised prostate cancer: systematic review, cohort studies and qualitative study
Health Services and Delivery Research, 2015Co-Authors: Andrew J Simpkin, J. Athene Lane, Chris Metcalfe, Richard M. Martin, Freddie C Hamdy, Jenny L Donovan, Julia Wade, Leila Rooshenas, Peter C. Albertsen, Lars HolmbergAbstract:Background:Active surveillance [(AS), sometimes called Active Monitoring (AM)],is a National Institute for Health and Care Excellence-recommended management option for men with clinically localised prostate cancer (PCa). It aims to target radical treatment only to those who would benefit most. Little consensus exists nationally or internationally about safe and effective protocols for AM/AS or triggers that indicate if or when men should move to radical treatment.Objective:The aims of this project were to review how prostate-specific antigen (PSA) has been used in AM/AS programmes; to develop and test the validity of a new model for predicting future PSA levels; to develop an instrument, based on PSA, that would be acceptable and effective for men and clinicians to use in clinical practice; and to design a robust study to evaluate the cost-effectiveness of the instrument.Methods:A systematic review was conducted to investigate how PSA is currently used to monitor men in worldwide AM/AS studies. A model for PSA change with age was developed using Prostate testing for cancer and Treatment (ProtecT) data and validated using data from two PSA-era cohorts and two pre-PSA-era cohorts. The model was used to derive 95% PSA reference ranges (PSARRs) across ages. These reference ranges were used to predict the onset of metastases or death from PCa in one of the pre-PSA-era cohorts. PSARRs were incorporated into an Active Monitoring system (AMS) and demonstrated to 18 clinicians and 20 men with PCa from four NHS trusts. Qualitative interviews investigated patients’ and clinicians’ views about current AM/AS protocols and the acceptability of the AMS within current practice.Results:The systematic review found that the most commonly used triggers for clinical review of PCa were PSA doubling time (PSADT) 1 ng/ml/year. The model for PSA change (developed using ProtecT study data) predicted PSA values in AM/AS cohorts within 2 ng/ml of observed PSA in up to 79% of men. Comparing the three PSA markers, there was no clear optimal approach to alerting men to worsening cancer. The PSARR and PSADT markers improved the model c-statistic for predicting death from PCa by 0.11 (21%) and 0.13 (25%), respectively, compared with using diagnostic information alone [PSA, age, tumour stage (T-stage)]. Interviews revealed variation in clinical practice regarding eligibility and follow-up protocols. Patients and clinicians perceive current AM/AS practice to be framed by uncertainty, ranging from uncertainty about selection of eligible AM/AS candidates to uncertainty about optimum follow-up protocols and thresholds for clinical review/radical treatment. Patients and clinicians generally responded positively to the AMS. The impact of the AMS on clinicians’ decision-making was limited by a lack of data linking AMS values to long-term outcomes and by current clinical practice, which viewed PSA measures as one of several tools guiding clinical decisions in AM/AS. Patients reported that they would look to clinicians, rather than to a tool, to direct decision-making.Limitations:The quantitative findings were severely hampered by a lack of clinical outcomes or events (such as metastases). The qualitative findings were limited through reliance on participants’ reports of practices and recollections of events rather than observations of actual interactions.Conclusions:Patients and clinicians found that the instrument provided additional, potentially helpful, information but were uncertain about the current usefulness of the risk model we developed for routine management. Comparison of the model with other Monitoring strategies will require clinical outcomes from ongoing AM/AS studies.Funding:The National Institute for Health Research Health Services and Delivery Research programme.
-
Active Monitoring radical prostatectomy or radiotherapy for localised prostate cancer study design and diagnostic and baseline results of the protect randomised phase 3 trial
Lancet Oncology, 2014Co-Authors: Athene J Lane, Chris Metcalfe, Eleanor I Walsh, Emma L Turner, Jenny L Donovan, Michael Davis, Daniel Dedman, L Down, Malcolm David Mason, Timothy J. PetersAbstract:Summary Background Prostate cancer is a major public health problem with considerable uncertainties about the effectiveness of population screening and treatment options. We report the study design, participant sociodemographic and clinical characteristics, and the initial results of the testing and diagnostic phase of the Prostate testing for cancer and Treatment (ProtecT) trial, which aims to investigate the effectiveness of treatments for localised prostate cancer. Methods In this randomised phase 3 trial, men aged 50–69 years registered at 337 primary care centres in nine UK cities were invited to attend a specialist nurse appointment for a serum prostate-specific antigen (PSA) test. Prostate biopsies were offered to men with a PSA concentration of 3·0 μg/L or higher. Consenting participants with clinically localised prostate cancer were randomly assigned to Active Monitoring (surveillance strategy), radical prostatectomy, or three-dimensional conformal external-beam radiotherapy by a computer-generated allocation system. Randomisation was stratified by site (minimised for differences in participant age, PSA results, and Gleason score). The primary endpoint is prostate cancer mortality at a median 10-year follow-up, ascertained by an independent committee, which will be analysed by intention to treat in 2016. This trial is registered with ClinicalTrials.gov, number NCT02044172, and as an International Standard Randomised Controlled Trial, number ISRCTN20141297. Findings Between Oct 1, 2001, and Jan 20, 2009, 228 966 men were invited to attend an appointment with a specialist nurse. Of the invited men, 100 444 (44%) attended their initial appointment and 82 429 (82%) of attenders had a PSA test. PSA concentration was below the biopsy threshold in 73 538 (89%) men. Of the 8566 men with a PSA concentration of 3·0–19·9 μg/L, 7414 (87%) underwent biopsies. 2896 men were diagnosed with prostate cancer (4% of tested men and 39% of those who had a biopsy), of whom 2417 (83%) had clinically localised disease (mostly T1c, Gleason score 6). With the addition of 247 pilot study participants recruited between 1999 and 2001, 2664 men were eligible for the treatment trial and 1643 (62%) agreed to be randomly assigned (545 to Active Monitoring, 545 to radiotherapy, and 553 to radical prostatectomy). Clinical and sociodemographic characteristics of randomly assigned participants were balanced across treatment groups. Interpretation The ProtecT trial randomly assigned 1643 men with localised prostate cancer to Active Monitoring, radiotherapy, or surgery. Participant clinicopathological features are more consistent with contemporary patient characteristics than in previous prostate cancer treatment trials. Funding UK National Institute for Health Research Health Technology Assessment Programme.
-
Associations of circulating 25-hydroxyvitamin D, 1,25-dihydroxyvitamin D, and vitamin D pathway genes with prostate-specific antigen progression in men with localized prostate cancer undergoing Active Monitoring.
European Journal of Cancer Prevention, 2013Co-Authors: Rebecca Gilbert, Chris Metcalfe, Richard M. Martin, Freddie C Hamdy, Jenny L Donovan, William D. Fraser, Sarah J Lewis, David E. Neal, Athene Lane, Kate TillingAbstract:Current diagnostic tests cannot differentiate the majority of prostate cancers with a low likelihood of progression from the minority with more aggressive potential. We examined whether the measures of vitamin D were associated with prostate-specific antigen (PSA) doubling time in men undergoing Active Monitoring. We examined the associations of circulating 25-hydroxyvitamin D (25(OH)D), 1,25-dihydroxyvitamin D (1,25(OH)2D), and vitamin D pathway polymorphisms with PSA doubling time in 490 men undergoing Active Monitoring for localized prostate cancer within a UK population-based cohort study [mean follow-up 4.4 years (range: 0.3-7.6)]. Repeat PSA measurements were analyzed using multilevel models. There was no evidence that circulating 25(OH)D levels, 1,25(OH)2D levels, or vitamin D pathway polymorphisms were associated with postdiagnosis PSA doubling time. Stratifying the results by prostate cancer grade at diagnosis (high grade or low grade) did not alter the results. We found no evidence that either circulating 25(OH)D, 1,25(OH)2D, or vitamin D pathway polymorphisms were associated with PSA doubling time in men undergoing Active Monitoring for localized prostate cancer. Future studies should examine the associations of variation in vitamin D with clinical outcomes (metastases and death).
-
Insulin-like growth factors (IGFs) and IGF-binding proteins in Active Monitoring of localized prostate cancer: a population-based observational study.
Cancer Causes & Control, 2012Co-Authors: Mari-anne Rowlands, Chris Metcalfe, Freddie C Hamdy, Jenny L Donovan, Athene Lane, Kate Tilling, Jeffrey M P Holly, David Gunnell, M Davis, David E. NealAbstract:Purpose Active Monitoring of prostate cancer requires the selection of low-risk cancers and subsequent identification of disease progression. Our objective was to determine whether serum insulin-like growth factor (IGF)-I, IGF-II, IGF-binding protein (IGFBP)-2 or IGFBP-3 at diagnosis (potential biomarkers of prognosis), and repeated measures of IGFBP-2 (potential biomarker of tumour growth), were associated with annual change in PSA and PSA doubling time (PSADT), proxies for disease progression.