53,939 research outputs found

    HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement

    Widespread use of memory unsafe programming languages (e.g., C and C++) leaves many systems vulnerable to memory corruption attacks. A variety of defenses have been proposed to mitigate attacks that exploit memory errors to hijack the control flow of the code at run-time, e.g., (fine-grained) randomization or Control Flow Integrity. However, recent work on data-oriented programming (DOP) demonstrated highly expressive (Turing-complete) attacks, even in the presence of these state-of-the-art defenses. Although multiple real-world DOP attacks have been demonstrated, no efficient defenses are yet available. We propose run-time scope enforcement (RSE), a novel approach designed to efficiently mitigate all currently known DOP attacks by enforcing compile-time memory safety constraints (e.g., variable visibility rules) at run-time. We present HardScope, a proof-of-concept implementation of hardware-assisted RSE for the new RISC-V open instruction set architecture. We discuss our systematic empirical evaluation of HardScope which demonstrates that it can mitigate all currently known DOP attacks, and has a real-world performance overhead of 3.2% in embedded benchmarks

    An AER handshake-less modular infrastructure PCB with x8 2.5Gbps LVDS serial links

    Nowadays spike-based brain processing emulation is taking off. Several EU and others worldwide projects are demonstrating this, like SpiNNaker, BrainScaleS, FACETS, or NeuroGrid. The larger the brain process emulation on silicon is, the higher the communication performance of the hosting platforms has to be. Many times the bottleneck of these system implementations is not on the performance inside a chip or a board, but in the communication between boards. This paper describes a novel modular Address-Event-Representation (AER) FPGA-based (Spartan6) infrastructure PCB (the AER-Node board) with 2.5Gbps LVDS high speed serial links over SATA cables that offers a peak performance of 32-bit 62.5Meps (Mega events per second) on board-to-board communications. The board allows back compatibility with parallel AER devices supporting up to x2 28-bit parallel data with asynchronous handshake. These boards also allow modular expansion functionality through several daughter boards. The paper is focused on describing in detail the LVDS serial interface and presenting its performance. Ministerio de Ciencia e Innovación TEC2009-10639-C04-02/01; Ministerio de Economía y Competitividad TEC2012-37868-C04-02/01; Junta de Andalucía TIC-6091; Ministerio de Economía y Competitividad PRI-PIMCHI-2011-076

    Gene doctoring: a method for recombineering in laboratory and pathogenic Escherichia coli strains

    Background: Homologous recombination mediated by the lambda-Red genes is a common method for making chromosomal modifications in Escherichia coli. Several protocols have been developed that differ in the mechanisms by which DNA, carrying regions homologous to the chromosome, are delivered into the cell. A common technique is to electroporate linear DNA fragments into cells. Alternatively, DNA fragments are generated in vivo by digestion of a donor plasmid with a nuclease that does not cleave the host genome. In both cases the lambda-Red gene products recombine homologous regions carried on the linear DNA fragments with the chromosome. We have successfully used both techniques to generate chromosomal mutations in E. coli K-12 strains. However, we have had limited success with these lambda-Red based recombination techniques in pathogenic E. coli strains, which has led us to develop an enhanced protocol for recombineering in such strains. Results: Our goal was to develop a high-throughput recombineering system, primarily for the coupling of genes to epitope tags, which could also be used for deletion of genes in both pathogenic and K-12 E. coli strains. To that end we have designed a series of donor plasmids for use with the lambda-Red recombination system, which when cleaved in vivo by the I-SceI meganuclease generate a discrete linear DNA fragment, allowing for C-terminal tagging of chromosomal genes with a 6xHis, 3xFLAG, 4xProteinA or GFP tag or for the deletion of chromosomal regions. We have enhanced existing protocols and technologies by inclusion of a cassette conferring kanamycin resistance and, crucially, by including the sacB gene on the donor plasmid, so that all but true recombinants are counter-selected on kanamycin and sucrose containing media, thus eliminating the need for extensive screening. This method has the added advantage of limiting the exposure of cells to the potential damaging effects of the lambda-Red system, which can lead to unwanted secondary alterations to the chromosome. Conclusion: We have developed a counter-selective recombineering technique for epitope tagging or for deleting genes in E. coli. We have demonstrated the versatility of the technique by modifying the chromosome of the enterohaemorrhagic O157:H7 (EHEC), uropathogenic CFT073 (UPEC), enteroaggregative O42 (EAEC) and enterotoxigenic H10407 (ETEC) E. coli strains as well as in K-12 laboratory strains

    Multistage Switching Architectures for Software Routers

    Software routers based on personal computer (PC) architectures are becoming an important alternative to proprietary and expensive network devices. However, software routers suffer from many limitations of the PC architecture, including, among others, limited bus and central processing unit (CPU) bandwidth, high memory access latency, limited scalability in terms of number of network interface cards, and lack of resilience mechanisms. Multistage PC-based architectures can be an interesting alternative since they permit us to i) increase the performance of single software routers, ii) scale router size, iii) distribute packet manipulation and control functionality, iv) recover from single-component failures, and v) incrementally upgrade router performance. We propose a specific multistage architecture, exploiting PC-based routers as switching elements, to build a high-speed, large-size, scalable, and reliable software router. A small-scale prototype of the multistage router is currently up and running in our labs, and performance evaluation is under wa

    Functional plasticity in the type IV secretion system of Helicobacter pylori.

    Helicobacter pylori causes clinical disease primarily in those individuals infected with a strain that carries the cytotoxin associated gene pathogenicity island (cagPAI). The cagPAI encodes a type IV secretion system (T4SS) that injects the CagA oncoprotein into epithelial cells and is required for induction of the pro-inflammatory cytokine, interleukin-8 (IL-8). CagY is an essential component of the H. pylori T4SS that has an unusual sequence structure, in which an extraordinary number of direct DNA repeats is predicted to cause rearrangements that invariably yield in-frame insertions or deletions. Here we demonstrate in murine and non-human primate models that immune-driven host selection of rearrangements in CagY is sufficient to cause gain or loss of function in the H. pylori T4SS. We propose that CagY functions as a sort of molecular switch or perhaps a rheostat that alters the function of the T4SS and "tunes" the host inflammatory response so as to maximize persistent infection