CHERI: a research platform deconflating hardware virtualisation and protection

Contemporary CPU architectures conflate virtualization and protection, imposing virtualization-related performance, programmability, and debuggability penalties on software requiring finegrained protection. First observed in micro-kernel research, these problems are increasingly apparent in recent attempts to mitigate software vulnerabilities through application compartmentalisation. Capability Hardware Enhanced RISC Instructions (CHERI) extend RISC ISAs to support greater software compartmentalisation. CHERI’s hybrid capability model provides fine-grained compartmentalisation within address spaces while maintaining software backward compatibility, which will allow the incremental deployment of fine-grained compartmentalisation in both our most trusted and least trustworthy C-language software stacks. We have implemented a 64-bit MIPS research soft core, BERI, as well as a capability coprocessor, and begun adapting commodity software packages (FreeBSD and Chromium) to execute on the platform

Cognitive tests used in chronic adult human randomised controlled trial micronutrient and phytochemical intervention studies

In recent years there has been a rapid growth of interest in exploring the relationship between nutritional therapies and the maintenance of cognitive function in adulthood. Emerging evidence reveals an increasingly complex picture with respect to the benefits of various food constituents on learning, memory and psychomotor function in adults. However, to date, there has been little consensus in human studies on the range of cognitive domains to be tested or the particular tests to be employed. To illustrate the potential difficulties that this poses, we conducted a systematic review of existing human adult randomised controlled trial (RCT) studies that have investigated the effects of 24 d to 36 months of supplementation with flavonoids and micronutrients on cognitive performance. There were thirty-nine studies employing a total of 121 different cognitive tasks that met the criteria for inclusion. Results showed that less than half of these studies reported positive effects of treatment, with some important cognitive domains either under-represented or not explored at all. Although there was some evidence of sensitivity to nutritional supplementation in a number of domains (for example, executive function, spatial working memory), interpretation is currently difficult given the prevailing 'scattergun approach' for selecting cognitive tests. Specifically, the practice means that it is often difficult to distinguish between a boundary condition for a particular nutrient and a lack of task sensitivity. We argue that for significant future progress to be made, researchers need to pay much closer attention to existing human RCT and animal data, as well as to more basic issues surrounding task sensitivity, statistical power and type I error

Modest serum creatinine elevation affects adverse outcome after general surgery

Modest serum creatinine elevation affects adverse outcome after general surgery.BackgroundModest preoperative serum creatinine elevation (1.5 to 3.0 mg/dL) has been recently shown to be independently associated with morbidity and mortality after cardiac surgery. It is important to know if this association can be applied more broadly to general surgery cases.MethodsMultivariable logistic regression analyses of 46 risk variables in 49,081 cases from the Veterans Affairs National Surgical Quality Improvement Program, undergoing major general surgery from 10/1/96 through 9/30/98.ResultsThirty day mortality and several cardiac, respiratory, infectious and hemorrhagic morbidities were significantly (P < 0.001) higher in patients with a serum creatinine>1.5 mg/dL. With multivariable analysis, the adjusted odds ratio for mortality for patients with a serum creatinine of 1.5 to 3.0 mg/dL was 1.44 [95% confidence interval (95% CI) 1.22 to 1.71] and for creatinine>3.0 mg/dL was 1.93 (95% CI 1.51 to 2.46). The adjusted odds ratio for morbidity (one or more postoperative complications) for patients with a serum creatinine of 1.5 to 3.0 mg/dL was 1.18 (95% CI 1.06 to 1.32) and for creatinine>3.0 mg/dL was 1.19 (95% CI 0.99 to 1.43). Further stratification and recursive partitioning of creatinine levels revealed that a serum creatinine level>1.5 mg/dL was the approximate threshold for both increased morbidity and mortality.ConclusionsModest preoperative serum creatinine elevation (>1.5 mg/dL) is a significant predictor of risk-adjusted morbidity and mortality after general surgery. A preoperative serum creatinine of 1.5 mg/dL or higher is a readily available marker for potential adverse outcomes after general surgery

CHERI: A hybrid capability-system architecture for scalable software compartmentalization

CHERI extends a conventional RISC Instruction- Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.We thank our colleagues Ross Anderson, Ruslan Bukin, Gregory Chadwick, Steve Hand, Alexandre Joannou, Chris Kitching, Wojciech Koszek, Bob Laddaga, Patrick Lincoln, Ilias Marinos, A Theodore Markettos, Ed Maste, Andrew W. Moore, Alan Mujumdar, Prashanth Mundkur, Colin Rothwell, Philip Paeps, Jeunese Payne, Hassen Saidi, Howie Shrobe, and Bjoern Zeeb, our anonymous reviewers, and shepherd Frank Piessens, for their feedback and assistance. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C- 0237 and FA8750-11-C-0249. The views, opinions, and/or findings contained in this paper are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. We acknowledge the EPSRC REMS Programme Grant [EP/K008528/1], Isaac Newton Trust, UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.This is the author accepted manuscript. The final version is available at http://dx.doi.org/10.1109/SP.2015.

Proinsulin-Reactive CD4 T Cells in the Islets of Type 1 Diabetes Organ Donors

Proinsulin is an abundant protein that is selectively expressed by pancreatic beta cells and has been a focus for development of antigen-specific immunotherapies for type 1 diabetes (T1D). In this study, we sought to comprehensively evaluate reactivity to preproinsulin by CD4 T cells originally isolated from pancreatic islets of organ donors having T1D. We analyzed 187 T cell receptor (TCR) clonotypes expressed by CD4 T cells obtained from six T1D donors and determined their response to 99 truncated preproinsulin peptide pools, in the presence of autologous B cells. We identified 14 TCR clonotypes from four out of the six donors that responded to preproinsulin peptides. Epitopes were found across all of proinsulin (insulin B-chain, C-peptide, and A-chain) including four hot spot regions containing peptides commonly targeted by TCR clonotypes derived from multiple T1D donors. Of importance, these hot spots overlap with peptide regions to which CD4 T cell responses have previously been detected in the peripheral blood of T1D patients. The 14 TCR clonotypes recognized proinsulin peptides presented by various HLA class II molecules, but there was a trend for dominant restriction with HLA-DQ, especially T1D risk alleles DQ8, DQ2, and DQ8-trans. The characteristics of the tri-molecular complex including proinsulin peptide, HLA-DQ molecule, and TCR derived from CD4 T cells in islets, provides an essential basis for developing antigen-specific biomarkers as well as immunotherapies

Structure of the Claudin-binding Domain of Clostridium perfringens Enterotoxin

Clostridium perfringens enterotoxin is a common cause of food-borne and antibiotic-associated diarrhea. The toxin's receptors on intestinal epithelial cells include claudin-3 and -4, members of a large family of tight junction proteins. Toxin-induced cytolytic pore formation requires residues in the NH(2)-terminal half, whereas residues near the COOH terminus are required for binding to claudins. The claudin-binding COOH-terminal domain is not toxic and is currently under investigation as a potential drug absorption enhancer. Because claudin-4 is overexpressed on some human cancers, the toxin is also being investigated for targeting chemotherapy. Our aim was to solve the structure of the claudin-binding domain to advance its therapeutic applications. The structure of a 14-kDa fragment containing residues 194 to the native COOH terminus at position 319 was solved by x-ray diffraction to a resolution of 1.75A. The structure is a nine-strand beta sandwich with previously unappreciated similarity to the receptor-binding domains of several other toxins of spore-forming bacteria, including the collagen-binding domain of ColG from Clostridium histolyticum and the large Cry family of toxins (including Cry4Ba) of Bacillus thuringiensis. Correlations with previous studies suggest that the claudin-4 binding site is on a large surface loop between strands beta8 and beta9 or includes these strands. The sequence that was crystallized (residues 194-319) binds to purified human claudin-4 with a 1:1 stoichiometry and affinity in the submicromolar range similar to that observed for binding of native toxin to cells. Our results provide a structural framework to advance therapeutic applications of the toxin and suggest a common ancestor for several receptor-binding domains of bacterial toxins

Building Cohesion in Distributed Telemedicine Teams Findings from the Department of Veterans Affairs National Telestroke Program

Background: As telemedicine adoption increases, so does the importance of building cohesion among physicians in telemedicine teams. For example, in acute telestroke services, stroke specialists provide rapid virtual stroke assessment and treatment to patients at hospitals without stroke specialty care. In the National Telestroke Program (NTSP) of the U.S. Department of Veterans Affairs, a virtual (distributed) hub of stroke specialists throughout the country provides 24/7 consultations nationwide. We examined how these specialists adapted to distributed teamwork, and we identied cohesion-related factors inprogram development and support. Methods: We conducted a case study of the stroke specialists employed by the NTSP. Semi-structured, condential interviews with stroke specialists in the virtual hub were recorded and transcribed. We explored the extent to which these specialists had developed a sense of shared identity and teamcohesion, and we identied factors in this development. Using a qualitative approach with constant comparison methods, two researchers coded each interview transcript independently using a shared codebook. We used matrix displays to identify themes, with special attention to team cohesion, communication, trust, and satisfaction. Results: Of 13 specialists with at least 8 months of NTSP practice, 12 completed interviews; 7 had previously practiced in telestroke programs in other healthcare systems. Interviewees reported high levels of trust and team cohesion, sometimes even more with their virtual colleagues than with local colleagues. Factors facilitating perceived team cohesion included a weekly case conference call, a sense of transparency in discussing challenges, engagement in NTSP development tasks, and support from the NTSP leadership. Although lack of in-person contact was associated with lower cohesion, annual in-person NTSP meetings helped mitigate this issue. Despite technical challenges in establishing a new telehealth system within existing national infrastructure, providers reported high levels of satisfaction with the NTSP.Conclusion: A virtual telestroke hub can provide a sense of team cohesion among stroke specialists at a level comparable with a standard co-located practice. Engaging in transparent discussion of challenging cases, reviewing new clinical evidence, and contributing to program improvements may promotecohesion in distributed telemedicine teamsThis work was funded by the Veterans Health Administration (VHA) Office of Rural Health (016ORH), VHA Office of Specialty Care, VA Health Services Research and Development (HSR&D) Precision Monitoring Quality Enhancement Research Initiative (QUE 15-280). Funding sources had no role in study design, data collection, data analysis, data interpretation, or manuscript writing. The views expressed herein are those of the authors and do not necessarily reflect the views of the U.S. Department of Veterans Affairs

Lactation and neonatal nutrition: defining and refining the critical questions.

This paper resulted from a conference entitled "Lactation and Milk: Defining and refining the critical questions" held at the University of Colorado School of Medicine from January 18-20, 2012. The mission of the conference was to identify unresolved questions and set future goals for research into human milk composition, mammary development and lactation. We first outline the unanswered questions regarding the composition of human milk (Section I) and the mechanisms by which milk components affect neonatal development, growth and health and recommend models for future research. Emerging questions about how milk components affect cognitive development and behavioral phenotype of the offspring are presented in Section II. In Section III we outline the important unanswered questions about regulation of mammary gland development, the heritability of defects, the effects of maternal nutrition, disease, metabolic status, and therapeutic drugs upon the subsequent lactation. Questions surrounding breastfeeding practice are also highlighted. In Section IV we describe the specific nutritional challenges faced by three different populations, namely preterm infants, infants born to obese mothers who may or may not have gestational diabetes, and infants born to undernourished mothers. The recognition that multidisciplinary training is critical to advancing the field led us to formulate specific training recommendations in Section V. Our recommendations for research emphasis are summarized in Section VI. In sum, we present a roadmap for multidisciplinary research into all aspects of human lactation, milk and its role in infant nutrition for the next decade and beyond

Fast Protection-Domain Crossing in the CHERI Capability-System Architecture

Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. We also acknowledge the Engineering and Physical Sciences Research Council (EPSRC) REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], EPSRC/ARM iCASE studentship [13220009], Microsoft studentship [MRS2011-031], the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.This is the author accepted manuscript. The final version of the article can be found at: http://ieeexplore.ieee.org/document/7723791