Impaired contextual modulation of memories in PTSD: an fMRI and psychophysiological study of extinction retention and fear renewal

Post-traumatic stress disorder (PTSD) patients display pervasive fear memories, expressed indiscriminately. Proposed mechanisms include enhanced fear learning and impaired extinction or extinction recall. Documented extinction recall deficits and failure to use safety signals could result from general failure to use contextual information, a hippocampus-dependent process. This can be probed by adding a renewal phase to standard conditioning and extinction paradigms. Human subjects with PTSD and combat controls were conditioned (skin conductance response), extinguished, and tested for extinction retention and renewal in a scanner (fMRI). Fear conditioning (light paired with shock) occurred in one context, followed by extinction in another, to create danger and safety contexts. The next day, the extinguished conditioned stimulus (CS+E) was re-presented to assess extinction recall (safety context) and fear renewal (danger context). PTSD patients showed impaired extinction recall, with increased skin conductance and heightened amygdala activity to the extinguished CS+ in the safety context. However, they also showed impaired fear renewal; in the danger context, they had less skin conductance response to CS+E and lower activity in amygdala and ventral-medial prefrontal cortex compared with combat controls. Control subjects displayed appropriate contextual modulation of memory recall, with extinction (safety) memory prevailing in the safety context, and fear memory prevailing in the danger context. PTSD patients could not use safety context to sustain suppression of extinguished fear memory, but they also less effectively used danger context to enhance fear. They did not display globally enhanced fear expression, but rather showed a globally diminished capacity to use contextual information to modulate fear expression

CapablePtrs: Securely Compiling Partial Programs using the Pointers-as-Capabilities Principle

Capability machines such as CHERI provide memory capabilities that can be used by compilers to provide security benefits for compiled code (e.g., memory safety). The C to CHERI compiler, for example, achieves memory safety by following a principle called "pointers as capabilities" (PAC). Informally, PAC says that a compiler should represent a source language pointer as a machine code capability. But the security properties of PAC compilers are not yet well understood. We show that memory safety is only one aspect, and that PAC compilers can provide significant additional security guarantees for partial programs: the compiler can provide guarantees for a compilation unit, even if that compilation unit is later linked to attacker-controlled machine code. This paper is the first to study the security of PAC compilers for partial programs formally. We prove for a model of such a compiler that it is fully abstract. The proof uses a novel proof technique (dubbed TrICL, read trickle), which is of broad interest because it reuses and extends the compiler correctness relation in a natural way, as we demonstrate. We implement our compiler on top of the CHERI platform and show that it can compile legacy C code with minimal code changes. We provide performance benchmarks that show how performance overhead is proportional to the number of cross-compilation-unit function calls

A Concurrent Language with a Uniform Treatment of Regions and Locks

A challenge for programming language research is to design and implement multi-threaded low-level languages providing static guarantees for memory safety and freedom from data races. Towards this goal, we present a concurrent language employing safe region-based memory management and hierarchical locking of regions. Both regions and locks are treated uniformly, and the language supports ownership transfer, early deallocation of regions and early release of locks in a safe manner

Flexible Sensor Network Reprogramming for Logistics

Besides the currently realized applications, Wireless Sensor Networks can be put to use in logistics processes. However, doing so requires a level of flexibility and safety not provided by the current WSN software platforms. This paper discusses a logistics scenario, and presents SensorScheme, a runtime environment used to realize this scenario, based on semantics of the Scheme programming language. SensorScheme is a general purpose WSN platform, providing dynamic reprogramming, memory safety (sandboxing), blocking I/O, marshalled communication, compact code transport. It improves on the state of the art by making better use of the little available memory, thereby providing greater capability in terms of program size and complexity. We illustrate the use of our platform with some application examples, and provide experimental results to show its compactness, speed of operation and energy efficiency

The Meaning of Memory Safety

We give a rigorous characterization of what it means for a programming language to be memory safe, capturing the intuition that memory safety supports local reasoning about state. We formalize this principle in two ways. First, we show how a small memory-safe language validates a noninterference property: a program can neither affect nor be affected by unreachable parts of the state. Second, we extend separation logic, a proof system for heap-manipulating programs, with a memory-safe variant of its frame rule. The new rule is stronger because it applies even when parts of the program are buggy or malicious, but also weaker because it demands a stricter form of separation between parts of the program state. We also consider a number of pragmatically motivated variations on memory safety and the reasoning principles they support. As an application of our characterization, we evaluate the security of a previously proposed dynamic monitor for memory safety of heap-allocated data.Comment: POST'18 final versio