92,459 research outputs found

    CUP: Comprehensive User-Space Protection for C/C++

    Memory corruption vulnerabilities in C/C++ applications enable attackers to execute code, change data, and leak information. Current memory sanitizers do not provide comprehensive coverage of a program's data. In particular, existing tools focus primarily on heap allocations with limited support for stack allocations and globals. Additionally, existing tools focus on the main executable with limited support for system libraries. Further, they suffer from both false positives and false negatives. We present Comprehensive User-Space Protection for C/C++, CUP, an LLVM sanitizer that provides complete spatial and probabilistic temporal memory safety for C/C++ programs on 64-bit architectures (with a prototype implementation for x86_64). CUP uses a hybrid metadata scheme that supports all program data including globals, heap, or stack and maintains the ABI. Compared to existing approaches with the NIST Juliet test suite, CUP reduces false negatives by 10x (0.1%) compared to the state of the art LLVM sanitizers, and produces no false positives. CUP instruments all user-space code, including libc and other system libraries, removing them from the trusted code base.

    The Meaning of Memory Safety

    We give a rigorous characterization of what it means for a programming language to be memory safe, capturing the intuition that memory safety supports local reasoning about state. We formalize this principle in two ways. First, we show how a small memory-safe language validates a noninterference property: a program can neither affect nor be affected by unreachable parts of the state. Second, we extend separation logic, a proof system for heap-manipulating programs, with a memory-safe variant of its frame rule. The new rule is stronger because it applies even when parts of the program are buggy or malicious, but also weaker because it demands a stricter form of separation between parts of the program state. We also consider a number of pragmatically motivated variations on memory safety and the reasoning principles they support. As an application of our characterization, we evaluate the security of a previously proposed dynamic monitor for memory safety of heap-allocated data. Comment: POST'18 final version.

    Attention and automation: New perspectives on mental underload and performance

    There is considerable evidence in the ergonomics literature that automation can significantly reduce operator mental workload. Furthermore, reducing mental workload is not necessarily a good thing, particularly in cases where the level is already manageable. This raises the issue of mental underload, which can be at least as detrimental to performance as overload. However, although it is widely recognized that mental underload is detrimental to performance, there are very few attempts to explain why this may be the case. It is argued in this paper that, until the need for a human operator is completely eliminated, automation has psychological implications relevant in both theoretical and applied domains. The present paper reviews theories of attention, as well as the literature on mental workload and automation, to synthesize a new explanation for the effects of mental underload on performance. Malleable attentional resources theory proposes that attentional capacity shrinks to accommodate reductions in mental workload, and that this shrinkage is responsible for the underload effect. The theory is discussed with respect to the applied implications for ergonomics research

    The Reconstruction of the Beirut Central District: An urban geography of war and peace

    Three conceptual themes of public-private, temporality, and heritage-modernity are used to develop an urban geography of war and peace of Beirut. During the 1975-1990 Lebanese civil war public space shrank and people retreated deeper into localised neighbourhoods, with private space becoming more public as people accommodated those who were displaced. Since the war, the public sector has been rehabilitated, but decision making autonomy on the reconstruction of Beirut’s centre has been handed to a private company. The theme of temporality concerns the relationship between the city’s past, present, and future, with debates on what parts of the city should be preserved intimately bound with notions of memory and forgetting. The relationship between heritage and modernity, both of which are fluid and evolving notions, has informed the reconstruction of the city. The reclamation by Beirutis of the centre of the city following the assassination of Rafic Hariri in 2005 makes clear that urban space is constructed as much by publics as by architects and town planners, with Place des Martyrs once again functioning as an integrating space for public dialogue and reconciliation

    Volunteer studies replacing animal experiments in brain research - Report and recommendations of a Volunteers in Research and Testing workshop
