A Synthesis of Human-related Avian Mortality in Canada

Many human activities in Canada kill wild birds, yet the relative magnitude of mortality from different sources and the consequent effects on bird populations have not been systematically evaluated. We synthesize recent estimates of avian mortality in Canada from a range of industrial and other human activities, to provide context for the estimates from individual sources presented in this special feature. We assessed the geographic, seasonal, and taxonomic variation in the magnitude of national-scale mortality and in population-level effects on species or groups across Canada, by combining these estimates into a stochastic model of stage-specific mortality. The range of estimates of avian mortality from each source covers several orders of magnitude, and, numerically, landbirds were the most affected group. In total, we estimate that approximately 269 million birds and 2 million nests are destroyed annually in Canada, the equivalent of over 186 million breeding individuals. Combined, cat predation and collisions with windows, vehicles, and transmission lines caused > 95% of all mortality; the highest industrial causes of mortality were the electrical power and agriculture sectors. Other mortality sources such as fisheries bycatch can have important local or species-specific impacts, but are relatively small at a national scale. Mortality rates differed across species and families within major bird groups, highlighting that mortality is not simply proportional to abundance. We also found that mortality is not evenly spread across the country; the largest mortality sources are coincident with human population distribution, while industrial sources are concentrated in southern Ontario, Alberta, and southwestern British Columbia. Many species are therefore likely to be vulnerable to cumulative effects of multiple human-related impacts. This assessment also confirms the high uncertainty in estimating human-related avian mortality in terms of species involved, potential for population-level effects, and the cumulative effects of mortality across the landscape. Effort is still required to improve these estimates, and to guide conservation efforts to minimize direct mortality caused by human activities on Canada's wild bird populations. As avian mortality represents only a portion of the overall impact to avifauna, indirect effects such as habitat fragmentation and alteration, site avoidance, disturbance, and related issues must also be carefully considered

Multidimensional Approach to Comparative Avian Visual Systems

Since the birth of visual ecology, comparative studies on how birds see their world have been limited to a small number of species and tended to focus on a single visual trait. This approach has constrained our ability to understand the diversity and evolution of the avian visual system. The goal of this dissertation was to characterize multiple visual dimensions on bird groups that are highly speciouse (e.g., Passeriformes), and test some hypotheses and predictions, using modern comparative tools, on the relationship between different visual traits and their association with visual information sampling behaviors. First, I developed a novel method for characterizing quantitatively the retinal topography (e.g., variation in cell density across the retina) of different bird species in a standardized manner. Second, using this method, I established that retinal configuration has converged particularly in terrestrial vertebrates into three types of retinal specializations: fovea, area, and visual streak, with the highest, intermediate, and lowest peak and peripheral ganglion cell densities, respectively. The implication is that foveate species may have more enhanced visual centers in the brain than non-foveate vertebrates. Third, forest passerines that form multi-species flocks and belong to an insectivore niche differ in their visual system configuration, which appeared associated to behavioral specializations to enhance foraging opportunities: species that searched for food at steep angles had relatively wide binocular fields with a high degree of eye movement right above their short bills, whereas species that searched for food at shallower angles had narrower binocular fields with a high degree of eye movement below their bills. Eye movement allows these species to move their fovea around to visually search for food in the complex forest environment. Fourth, I studied the visual system configuration of nine species of closely related emberizid sparrows, which appear to maximize binocular vision, even seeing their bill tips, to enhance food detection and handling. Additionally, species with more visual coverage had higher visual acuity, which may compensate for their larger blind spots above their foveae, enhancing predator detection. Overall, the visual configuration of these passive prey foragers is substantially different from previously studied avian groups (e.g., sit-and-wait and tactile foragers). Finally, I studied the visual system configuration and visual exploratory behavior of 29 North American bird species across 14 Families. I found that species with a wider blind spot in the visual field (pecten) tended to move their heads at a higher rate probably to compensate for the lack of visual information. Additionally, species with a more pronounced difference in cell density between the fovea and the retinal periphery tended to have a higher degree of eye movement likely to enhance their ability to move their fovea around to gather high quality information. Overall, the avian visual system seems to have specializations to enhance both foraging and anti-predator behaviors that differ greatly between species probably to adjust to specific environmental conditions

Capability Memory Protection for Embedded Systems

This dissertation explores the use of capability security hardware and software in real-time and latency-sensitive embedded systems, to address existing memory safety and task isolation problems as well as providing new means to design a secure and scalable real-time system. In addition, this dissertation looks into how practical and high-performance temporal memory safety can be achieved under a capability architecture. State-of-the-art memory protection schemes for embedded systems typically present limited and inflexible solutions to memory protection and isolation, and fail to scale as embedded devices become more capable and ubiquitous. I investigate whether a capability architecture is able to provide new angles to address memory safety issues in an embedded scenario. Previous CHERI capability research focuses on 64-bit architectures in UNIX operating systems, which does not translate to typical 32-bit embedded processors with low-latency and real-time requirements. I propose and implement the CHERI CC-64 encoding and the CHERI-64 coprocessor to construct a feasible capability-enabled 32-bit CPU. In addition, I implement a real-time kernel for embedded systems atop CHERI-64. On this hardware and software platform, I focus on exploring scalable task isolation and fine-grained memory protection enabled by capabilities in a single flat physical address space, which are otherwise difficult or impossible to achieve via state-of-the-art approaches. Later, I present the evaluation of the hardware implementation and the software run-time overhead and real-time performance. Even with capability support, CHERI-64 as well as other CHERI processors still expose major attack surfaces through temporal vulnerabilities like use-after-free. A naive approach that sweeps memory to invalidate stale capabilities is inefficient and incurs significant cycle overhead and DRAM traffic. To make sweeping revocation feasible, I introduce new architectural mechanisms and micro-architectural optimisations to substantially reduce the cost of memory sweeping and capability revocation. Another factor of the cost is the frequency of memory sweeping. I explore tradeoffs of memory allocator designs that use quarantine buffers and shadow space tags to prevent frequent unnecessary sweeping. The evaluation shows that the optimisations and new allocator designs reduce the cost of capability sweeping revocation by orders of magnitude, making it already practical for most applications to adopt temporal safety under CHERI.CSC Cambridge Scholarshi

Distributed eventual leader election in the crash-recovery and general omission failure models.

102 p.Distributed applications are present in many aspects of everyday life. Banking, healthcare or transportation are examples of such applications. These applications are built on top of distributed systems. Roughly speaking, a distributed system is composed of a set of processes that collaborate among them to achieve a common goal. When building such systems, designers have to cope with several issues, such as different synchrony assumptions and failure occurrence. Distributed systems must ensure that the delivered service is trustworthy.Agreement problems compose a fundamental class of problems in distributed systems. All agreement problems follow the same pattern: all processes must agree on some common decision. Most of the agreement problems can be considered as a particular instance of the Consensus problem. Hence, they can be solved by reduction to consensus. However, a fundamental impossibility result, namely (FLP), states that in an asynchronous distributed system it is impossible to achieve consensus deterministically when at least one process may fail. A way to circumvent this obstacle is by using unreliable failure detectors. A failure detector allows to encapsulate synchrony assumptions of the system, providing (possibly incorrect) information about process failures. A particular failure detector, called Omega, has been shown to be the weakest failure detector for solving consensus with a majority of correct processes. Informally, Omega lies on providing an eventual leader election mechanism

Principled Flow Tracking in IoT and Low-Level Applications

Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based applications, be it through the Web, mobile, or IoT. All such applications have access to and are entrusted with private user data, such as location, photos, browsing habits, private feed from social networks, or bank details.In this thesis, we focus on IoT and Web(Assembly) apps. We demonstrate IoT apps to be vulnerable to attacks by malicious app makers who are able to bypass the sandboxing mechanisms enforced by the platform to stealthy exfiltrate user data. We further give examples of carefully crafted WebAssembly code abusing the semantics to leak user data.We are interested in applying language-based technologies to ensure application security due to the formal guarantees they provide. Such technologies analyze the underlying program and track how the information flows in an application, with the goal of either statically proving its security, or preventing insecurities from happening at runtime. As such, for protecting against the attacks on IoT apps, we develop both static and dynamic methods, while for securing WebAssembly apps we describe a hybrid approach, combining both.While language-based technologies provide strong security guarantees, they are still to see a widespread adoption outside the academic community where they emerged.In this direction, we outline six design principles to assist the developer in choosing the right security characterization and enforcement mechanism for their system.We further investigate the relative expressiveness of two static enforcement mechanisms which pursue fine- and coarse-grained approaches for tracking the flow of sensitive information in a system.\ua0Finally, we provide the developer with an automatic method for reducing the manual burden associated with some of the language-based enforcements

Stinging the Predators: A collection of papers that should never have been published

This ebook collects academic papers and conference abstracts that were meant to be so terrible that nobody in their right mind would publish them. All were submitted to journals and conferences to expose weak or non-existent peer review and other exploitative practices. Each paper has a brief introduction. Short essays round out the collection

Small TCBs of policy-controlled operating systems

IT Systeme mit qualitativ hohen Sicherheitsanforderungen verwenden zur Beschreibung, Analyse und Implementierung ihrer Sicherheitseigenschaften zunehmend problemspezifische Sicherheitspolitiken, welche ein wesentlicher Bestandteil der Trusted Computing Base (TCB) eines IT Systems sind. Aus diesem Grund sind die Korrektheit und Unumgehbarkeit der Implementierung einer TCB entscheidend, um die geforderten Sicherheitseigenschaften eines Systems herzustellen, zu wahren und zu garantieren. Viele der heutigen Betriebssysteme zeigen, welche Herausforderung die Realisierung von Sicherheitspolitiken darstellt; seit mehr als 40 Jahren unterstützen sie wahlfreie identitätsbasierte Zugriffssteuerungspolitiken nur rudimentär. Dies führt dazu, dass große Teile der Sicherheitspolitiken von Anwendersoftware durch die Anwendungen selbst implementiert werden. Infolge dessen sind die TCBs heutiger Betriebssysteme groß, heterogen und verteilt, so dass die exakte Bestimmung ihres Funktionsumfangs sehr aufwendig ist. Im Ergebnis sind die wesentlichen Eigenschaften von TCBs - Korrektheit, Robustheit und Unumgehbarkeit - nur schwer erreichbar. Dies hat zur Entwicklung von Politik gesteuerten Betriebssystemen geführt, die alle Sicherheitspolitiken eines Betriebssystems und seiner Anwendungen zentral zusammenfassen, indem sie Kernabstraktionen für Sicherheitspolitiken und Politiklaufzeitumgebungen anbieten. Aktuelle Politik gesteuerte Betriebssysteme basieren auf monolithischen Architekturen, was dazu führt, dass ihre Komponenten zur Durchsetzung ihrer Politiken im Betriebssystemkern verteilt sind. Weiterhin verfolgen sie das Ziel, ein möglichst breites Spektrum an Sicherheitspolitiken zu unterstützen. Dies hat zur Folge, dass ihre Laufzeitkomponenten für Politikentscheidung und -durchsetzung universal sind. Im Ergebnis sind ihre TCB-Implementierungen groß und komplex, so dass der TCB- Funktionsumfang nur schwer identifiziert werden kann und wesentliche Eigenschaften von TCBs nur mit erhöhtem Aufwand erreichbar sind. Diese Dissertation verfolgt einen Ansatz, der die TCBs Politik gesteuerter Betriebssysteme systematisch entwickelt. Die Idee ist, das Laufzeitsystem für Sicherheitspolitiken so maßzuschneidern, dass nur die Politiken unterstützt werden, die tatsächlich in einer TCB vorhanden sind. Dabei wird der Funktionsumfang einer TCB durch kausale Abhängigkeiten zwischen Sicherheitspolitiken und TCB-Funktionen bestimmt. Das Ergebnis sind kausale TCBs, die nur diejenigen Funktionen enthalten, die zum Durchsetzen und zum Schutz der vorhandenen Sicherheitspolitiken notwendig sind. Die präzise Identifikation von TCB-Funktionen erlaubt, die Implementierung der TCB-Funktionen von nicht-vertrauenswürdigen Systemkomponenten zu isolieren. Dadurch legen kausale TCBs die Grundlage für TCB-Implementierungen, deren Größe und Komplexität eine Analyse und Verifikation bezüglich ihrer Korrektheit und Unumgehbarkeit ermöglichen. Kausale TCBs haben ein breites Anwendungsspektrum - von eingebetteten Systemen über Politik gesteuerte Betriebssysteme bis hin zu Datenbankmanagementsystemen in großen Informationssystemen.Policy-controlled operating systems provide a policy decision and enforcement environment to protect and enforce their security policies. The trusted computing base (TCB) of these systems are large and complex, and their functional perimeter can hardly be precisely identified. As a result, a TCB's correctness and tamper-proofness are hard to ensure in its implementation. This dissertation develops a TCB engineering method for policy-controlled operating systems that tailors the policy decision and enforcement environment to support only those policies that are actually present in a TCB. A TCB's functional perimeter is identified by exploiting causal dependencies between policies and TCB functions, which results in causal TCBs that contain exactly those functions that are necessary to establish, enforce, and protect their policies. The precise identification of a TCB's functional perimeter allows for implementing a TCB in a safe environment that indeed can be isolated from untrusted system components. Thereby, causal TCB engineering sets the course for implementations whose size and complexity pave the way for analyzing and verifying a TCB's correctness and tamper-proofness.Auch im Buchhandel erhältlich: Small TCBs of policy-controlled operating systems / Anja Pölck Ilmenau : Univ.-Verl. Ilmenau, 2014. - xiii, 249 S. ISBN 978-3-86360-090-7 Preis: 24,40

Life Sciences Program Tasks and Bibliography

This document includes information on all peer reviewed projects funded by the Office of Life and Microgravity Sciences and Applications, Life Sciences Division during fiscal year 1995. Additionally, this inaugural edition of the Task Book includes information for FY 1994 programs. This document will be published annually and made available to scientists in the space life sciences field both as a hard copy and as an interactive Internet web pag