SGXIO: Generic Trusted I/O Path for Intel SGX

Application security traditionally strongly relies upon security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising security of applications as well. To overcome this dependency, Intel introduced SGX, which allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices. This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices. To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves. SGXIO surpasses traditional use cases in cloud computing and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise. It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box. Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1

Comparing the above and below-ground chemical defences of three Rumex species between their native and introduced provenances

Compared to their native range, non-native plants often experience reduced levels of herbivory in the introduced range. This may result in reduced pressure to produce chemical defences that act against herbivores. We measured the most abundant secondary metabolites found in Rumex spp., namely oxalates, phenols and tannins. To test this hypothesis, we compared native (UK) and introduced (NZ) provenances of three different Rumex species (R. obtusifolius, R. crispus and R. conglomeratus, Polygonaceae) to assess whether any significant differences existed in their levels of chemical defences in either leaves and roots. All three species have previously been shown to support a lower diversity of insect herbivores and experience less herbivory in the introduced range. We further examined leaf herbivory on plants from both provenances when grown together in a common garden experiment in New Zealand to test whether any differences in damage might be consistent with variation in the quantity of chemical defences. We found that two Rumex species (R. obtusifolius and R. crispus) showed no evidence for a reduction in chemical defences, while a third (R. conglomeratus) showed only limited evidence. The common garden experiment revealed that the leaves analysed had low levels of herbivory (∼0.5%) with no differences in damage between provenances for any of the three study species. Roots tended to have a higher concentration of tannins than shoots, but again showed no difference between the provenances. As such, the findings of this study provide no evidence for lower plant investments in chemical defences, suggesting that other factors explain the success of Rumex spp. in New Zealand

The superior ophthalmic vein approach for the treatment of carotid-cavernous fistulas: Our first experience

Complex cavernous sinus fistulae (CCF) are still a technical challenge to neurovascular team. The most commonly performed treatment consists in endovascular embolization of the lesion through an arterial or venous approach. Not always these conventional routes are feasible, requiring alternative routes. We report a case of a 44-year-old woman with a complex indirect (Barrow D) carotid cavernous sinus fistula treated by two interventional sessions that imposing a retrograde direct transvenous approach via the superior ophthalmic vein

Improving Strategies via SMT Solving

We consider the problem of computing numerical invariants of programs by abstract interpretation. Our method eschews two traditional sources of imprecision: (i) the use of widening operators for enforcing convergence within a finite number of iterations (ii) the use of merge operations (often, convex hulls) at the merge points of the control flow graph. It instead computes the least inductive invariant expressible in the domain at a restricted set of program points, and analyzes the rest of the code en bloc. We emphasize that we compute this inductive invariant precisely. For that we extend the strategy improvement algorithm of [Gawlitza and Seidl, 2007]. If we applied their method directly, we would have to solve an exponentially sized system of abstract semantic equations, resulting in memory exhaustion. Instead, we keep the system implicit and discover strategy improvements using SAT modulo real linear arithmetic (SMT). For evaluating strategies we use linear programming. Our algorithm has low polynomial space complexity and performs for contrived examples in the worst case exponentially many strategy improvement steps; this is unsurprising, since we show that the associated abstract reachability problem is Pi-p-2-complete

Can the enemy release hypothesis explain the success of Rumex (Polygonaceae) species in an introduced range?

The enemy release hypothesis states that introduced plants have a competitive advantage due to their release from co-evolved natural enemies (i.e., herbivores and pathogens), which allows them to spread rapidly in new environments. This hypothesis has received mixed support to date, but previous studies have rarely examined the herbivore community, plant damage, and performance simultaneously and largely ignored below-ground herbivores. We tested for enemy release by conducting large scale field surveys of insect diversity and abundance in both the native (United Kingdom) and introduced (New Zealand) ranges of three dock (Rumex, Polygonaceae) species: R. conglomeratus Murray (clustered dock), R. crispus L. (curly dock) and R. obtusifolius L. (broad-leaved dock). We captured both above- and below-ground insect herbivores, measured herbivore damage, and plant biomass as an indicator for performance. In the introduced range, Rumex plants had a lower diversity of insect herbivores, all insect specialists present in the native range were absent and plants had lower levels of herbivore damage on both roots and leaves. Despite this, only R. crispus had greater fresh weight in the introduced range compared to the native range. This suggests that enemy release, particularly from below-ground herbivores, could be a driver for the success of R. crispus plants in New Zealand, but not for R. conglomeratus and R. obtusifolius

Accelerated Data-Flow Analysis

Acceleration in symbolic verification consists in computing the exact effect of some control-flow loops in order to speed up the iterative fix-point computation of reachable states. Even if no termination guarantee is provided in theory, successful results were obtained in practice by different tools implementing this framework. In this paper, the acceleration framework is extended to data-flow analysis. Compared to a classical widening/narrowing-based abstract interpretation, the loss of precision is controlled here by the choice of the abstract domain and does not depend on the way the abstract value is computed. Our approach is geared towards precision, but we don't loose efficiency on the way. Indeed, we provide a cubic-time acceleration-based algorithm for solving interval constraints with full multiplication

Short Paper: Blockcheck the Typechain

Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs-not arbitrary blocks-that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent

CVD risk factors and surrogate markers-Urban-rural differences

Aims: Disparity in cardiovascular disease (CVD) mortality and risk factor levels between urban and rural regions has been confirmed worldwide. The aim of this study was to examine how living in different community types (urban-rural) in childhood and adulthood are related to cardiovascular risk factors and surrogate markers of CVD such as carotid intima-media thickness (IMT) and left ventricular mass (LVM). Methods: The study population comprised 2903 participants (54.1% female, mean age 10.5 years in 1980) of the Cardiovascular Risk in Young Finns Study who had been clinically examined in 1980 (age 3-18 years) and had participated in at least one adult follow-up (2001-2011). Results: In adulthood, urban residents had lower systolic blood pressure (-1 mmHg), LDL-cholesterol (-0.05 mmol/l), lower body mass index (-1.0 kg/m(2)) and glycosylated haemoglobin levels (-0.05 mmol/mol), and lower prevalence of metabolic syndrome (19.9 v. 23.7%) than their rural counterparts. In addition, participants continuously living in urban areas had significantly lower IMT (-0.01 mm), LVM (1.59 g/m(2.7)) and pulse wave velocity (-0.22 m/s) and higher carotid artery compliance (0.07%/10 mmHg) compared to persistently rural residents. The differences in surrogate markers of CVD were only partially attenuated when adjusted for cardiovascular risk factors. Conclusions: Participants living in urban communities had a more favourable cardiovascular risk factor profile than rural residents. Furthermore, participants continuously living in urban areas had less subclinical markers related to CVD compared with participants living in rural areas. Urban-rural differences in cardiovascular health might provide important opportunities for optimizing prevention by targeting areas of highest need.Peer reviewe