235 research outputs found
faulTPM: Exposing AMD fTPMs' Deepest Secrets
Trusted Platform Modules constitute an integral building block of modern
security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are
subject to an ever-increasing academic challenge. While discrete TPMs - as
found in higher-end systems - have been susceptible to attacks on their exposed
communication interface, more common firmware TPMs (fTPMs) are immune to this
attack vector as they do not communicate with the CPU via an exposed bus. In
this paper, we analyze a new class of attacks against fTPMs: Attacking their
Trusted Execution Environment can lead to a full TPM state compromise. We
experimentally verify this attack by compromising the AMD Secure Processor,
which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM
sniffing attacks, this vulnerability exposes the complete internal TPM state of
the fTPM. It allows us to extract any cryptographic material stored or sealed
by the fTPM regardless of authentication mechanisms such as Platform
Configuration Register validation or passphrases with anti-hammering
protection. First, we demonstrate the impact of our findings by - to the best
of our knowledge - enabling the first attack against Full Disk Encryption
solutions backed by an fTPM. Furthermore, we lay out how any application
relying solely on the security properties of the TPM - like Bitlocker's TPM-
only protector - can be defeated by an attacker with 2-3 hours of physical
access to the target device. Lastly, we analyze the impact of our attack on FDE
solutions protected by a TPM and PIN strategy. While a naive implementation
also leaves the disk completely unprotected, we find that BitLocker's FDE
implementation withholds some protection depending on the complexity of the
used PIN. Our results show that when an fTPM's internal state is compromised, a
TPM and PIN strategy for FDE is less secure than TPM-less protection with a
reasonable passphrase.Comment: *Both authors contributed equally. We publish all code necessary to
mount the attack under https://github.com/PSPReverse/ftpm_attack. The
repository further includes several intermediate results, e.g., flash memory
dumps, to retrace the attack process without possessing the target boards and
required hardware tool
Integriertes Monitoring als Werkzeug einer nachhaltigen Stadtentwicklung
In Deutschland ist es Aufgabe der Kommunen, die rĂ€umliche Entwicklung der verfĂŒgbaren FlĂ€chen unter sozialen, ökologischen und ökonomischen Aspekten zu koordinieren (vgl. BBR 2000: 12-13). Die zustĂ€ndigen PlanungsĂ€mter bewĂ€ltigen dabei die zielgerichtete, querschnittsorientierte Betrachtung, Analyse und Vernetzung rĂ€umlicher Informationen mit dem Ziel, Handlungsbedarfe und -optionen zur zukĂŒnftigen Entwicklung der Kommune zu identifizieren. Als bewĂ€hrte Methodik können Instrumente der Raumbeobachtung diesen Prozess unterstĂŒtzen, indem rĂ€umliche VerĂ€nderungen systematisch im Zeitverlaufbeobachtet, anhand von Indikatoren gemessen und so entscheidungsunterstĂŒtzende Informationen geliefertwerden (vgl. BIRKMANN 2005: 668; GATZWEILER 2005). Im Zuge des fortschreitenden E-Goverments der Verwaltungen steigt in diesem Kontext der kommunale Bedarf an digitalen technischen Lösungen, die nutzergerecht als flexibles, integriertes EntscheidungsunterstĂŒtzungstool interaktive Darstellungswerkzeuge mit zielgerichteten Analysemethoden verbinden und so den Arbeitsalltag der kommunalen Ămter vereinfachen (vgl. KOKO GDI-DE 2013; KGST 2006). Unter BerĂŒcksichtigung europaweiter Entwicklungen zu INSPIRE und Open Data, zwecks einheitlicher und standardisierter (öffentlicher) Bereitstellung der integrierten Daten, können sich zudem Synergieeffekte mit Geodateninfrastrukturen zukunftsfĂ€higer Verwaltungsbehörden ergeben (vgl. ARBEITSGRUPPE NGIS DES LENKUNGSGREMIUM GDI-DE 2015). Auch in der Wissenschaft hat der Diskurs zur Raumbeobachtung um die Jahrtausendwende Aufschwung erhalten. Dabei erfreut sich insbesondere der Begriff Monitoring imKontext der Stadtentwicklung einer zunehmenden Beliebtheit (vgl. STREICH 2011: 189). In der Praxis wird der Begriff jedoch uneinheitlich definiert, sodass vielfĂ€ltige Anwendungsbeispiele fĂŒr Monitoringsysteme existieren, welche sich hinsichtlich ihrer QualitĂ€t sowie untersuchten Themenfelder zum Teil stark unterscheiden. Erschwerend kommt hinzu, dass die Fragmentierung kommunaler Datenstrukturen in den einzelnen FachĂ€mtern eine groĂe Herausforderung fĂŒr die umfangreiche Abbildung von Daten in einem integrierten Monitoringsystem darstellt. Im Rahmen des durch das BMBF geförderten Forschungsprojektes âKomMonitor â Kommunales Monitoring zur Raumentwicklung. Demografie, Sozialstruktur, Wohnen und Umweltâ1 wird ein integriertes, kommunales raum-zeitliches Monitoringsystem entwickelt. Als fundierte Grundlage zur Erhebung des Status quo und Entwicklung des Systems wurden u. a. öffentlich zugĂ€ngliche kommunale Geo-, Statistik-und Monitoringportale systematisch recherchiert und bewertet, um StĂ€rken, SchwĂ€chen und LĂŒcken zu identifizieren. Zur Bewertung wurde ein multikriterielles Bewertungsraster konzipiert, das auf literaturgestĂŒtzen Analysekriterien fuĂt und kommunale Anforderungen an ein Monitoringsystem berĂŒcksichtigt. Hierdurch konnten Best Practice-Beispiele herausgearbeitet und dokumentiert sowie Erfolgsfaktoren und Herausforderungen fĂŒr die Entwicklung eines anwenderorientierten, kommunalen Monitoringsystems ermittelt werden. Neben den frei verfĂŒgbaren Online-Portalen wurden auch die technischen und funktionellen Anforderungen an ein integriertes GIS-basiertes Monitoringsystem seitens der stĂ€dtischen Praxispartner betrachtet. KomMonitor setzt an den identfizierten StĂ€rken und SchwĂ€chen sowie den seitens der Kommunen formulierten Bedarfen an, um ein nachhaltiges und fachĂ€mterĂŒbergreifendes Werkzeug fĂŒr den kommunalen Arbeitsalltag zu schaffen. Dieser Beitrag fokussiert insbesondere die Methodik und die Ergebnisse der Erhebung und Bewertung öffentlicher kommunaler Geo-, Statistik-, und Monitoringportale. Aufbauend auf den gewonnenen RĂŒckschlĂŒssen der Auswertung werden anschlieĂend inhaltliche sowie technische Implikationen geschildert, die von dem zu entwickelnden KomMonitor-System erfĂŒllt werden sollen. Im Kontext der Zielsetzung einerdauerhaften Nutzbarmachung des Systems werden auĂerdem Verstetigungsoptionen vor dem Hintergrund aktueller Fördermechanismen diskutiert, welche einen Handlungsrahmen fĂŒr KomMonitor bilde
EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware
EMFI has become a popular fault injection (FI) technique due to its ability
to inject faults precisely considering timing and location. Recently, ARM,
RISC-V, and even x86 processing units in different packages were shown to be
vulnerable to electromagnetic fault injection (EMFI) attacks. However, past
publications lack a detailed description of the entire attack setup, hindering
researchers and companies from easily replicating the presented attacks on
their devices. In this work, we first show how to build an automated EMFI setup
with high scanning resolution and good repeatability that is large enough to
attack modern desktop and server CPUs. We structurally lay out all details on
mechanics, hardware, and software along with this paper. Second, we use our
setup to attack a deeply embedded security co-processor in modern AMD systems
on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously
published code execution exploit, we run two custom payloads on the AMD-SP that
utilize the SoC to different degrees. We then visualize these fault locations
on SoC photographs allowing us to reason about the SoC's components under
attack. Finally, we show that the signature verification process of one of the
first executed firmware parts is susceptible to EMFI attacks, undermining the
security architecture of the entire SoC. To the best of our knowledge, this is
the first reported EMFI attack against an AMD desktop CPU.Comment: This is the authors' version of the article accepted for publication
at IEEE International Conference on Physical Assurance and Inspection of
Electronics (PAINE 2022
The role of neoadjuvant and adjuvant treatment for adenocarcinoma of the upper gastrointestinal tract
Both locally advanced adenocarcinoma of the stomach and gastro-esophageal junction are associated with poor prognosis due to the lack of effective treatment. Recently multimodal treatment consisting of neoadjuvant chemotherapy in combination with radiotherapy is reported to improve survival when compared to surgery alone. Neoadjuvant therapy in these locally advanced tumors allows for early tumor responses and the extent of tumor regression that can be achieved is considered a significant prognostic factor. This, in turn, increases the resectability of these tumors. Also due to the high frequency of lymph node metastasis, patients with locally advanced adenocarcinoma should undergo a D2 lymphadenectomy. Postoperative chemoradiation and perioperative chemotherapy have been studied in gastric adenocarcinomas and showed a survival benefit. However, the surgical techniques used in these trials are no longer considered to be standard by today's surgical practice. In addition, there are no standard recommendations for adjuvant chemotherapy or chemoradiation after R0 resection and adequate lymph node dissection
Evaluation of the tissue toxicity of antiseptics by the hen's egg test on the chorioallantoic membrane (HETCAM)
<p>Abstract</p> <p>Background</p> <p>Antiseptics are frequently used for the prophylaxis and treatment of local infections of chronic wounds. Whereas local antiseptics in general have a positive effect on wound healing an uncritical use may impair wound healing due to toxic side effects.</p> <p>Objective</p> <p>We sought to assess the vascular irritation potential of different antiseptic solutions and ointments commonly used for short and long term application as a measure of tissue toxicity.</p> <p>Method</p> <p>The vascular irritation was evaluated by the hen's egg test (HET) on the chorioallantoic membrane (CAM). The effects on the vessels of a mucous membrane were directly assessed by stereomicroscopic observation in vivo.</p> <p>Results</p> <p>Severe CAM irritation was observed after short-term applications of 1% octenidin-2HCl (Octeni septâą), 72% isopropanol (Cutaseptâą), 0.35% chloroxylenol (Dettolâą) and 10% PVP-I ointment (Betaisodonaâą). Medium irritations were observed for 10% PVP-I solution (Betaisodonaâą), 3% lysosomal PVP-I ointment (Repithelâą), 1.8% cadexomer-iodine ointment (Iodosorbâą) and 1% cadexomer-iodine pellets (Iodosorbâą). Finally, slight irritations were observed for 1% PVP-I solution (Betaisodonaâą), 0.1% polyhexanid plus betain (Prontosanâą) and 1% silver-sulfadiazine ointment (Flammazineâą), whereas 0.04% polyhexanid solution (Lavanidâą), washings from sterile maggots of Lucilia sericata and filtrated enzymes from Clostridium histolyticum (Iruxol-Nâą) showed no effects of irritation. In the long-term approaches, no vascular irritations were found for polyhexanid, washings from Lucilia sericata and enzyme filtrations from Clostridium histolyticum.</p> <p>Conclusion</p> <p>The vascular injuries caused by the studied antiseptics are an indirect indicator of their tissue toxicity. Strikingly, even therapeutic substances, which have been regarded as safe in their application for the treatment of chronic wounds in clinical studies, showed severe irritations on the CAM. We suggest that agents with no or low irritation potential on the CAM should be preferred in the clinical practice in order to obtain optimal results.</p
Correction to: EGFR/Ras-induced CCL20 production modulates the tumour microenvironment
The article âEGFR/Ras-induced CCL20 production modulates the tumour microenvironmentâ, written by Andreas Hippe, Stephan Alexander Braun, PĂ©ter OlĂĄh, Peter Arne Gerber, Anne Schorr, Stephan Seeliger, Stephanie Holtz, Katharina Jannasch, Andor Pivarcsi, Bettina Buhren, Holger Schrumpf, Andreas Kislat, Erich BĂŒnemann, Martin Steinhoff, Jens Fischer, SĂ©rgio A. Lira, Petra Boukamp, Peter Hevezi, Nikolas Hendrik Stoecklein, Thomas Hoffmann, Frauke Alves, Jonathan Sleeman, Thomas Bauer, Jörg Klufa, Nicole Amberg, Maria Sibilia, Albert Zlotnik, Anja MĂŒller- Homey and Bernhard Homey, was originally published electronically on the publisherâs internet portal on 30 June 2020 without open access. With the author(s)â decision to opt for Open Choice the copyright of the article changed on 16 September 2021 to © The Author(s) 2021 and the article is forthwith distributed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the articleâs Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the articleâs Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/ licenses/by/4.0/. Open Access funding enabled and organized by Projekt DEAL
Chemokine ligand-receptor interactions critically regulate cutaneous wound healing
Background: Wound healing represents a dynamic process involving directional migration of different cell types. Chemokines, a family of chemoattractive proteins, have been suggested to be key players in cell-to-cell communication and essential for directed migration of structural cells. Today, the role of the chemokine network in cutaneous wound healing is not fully understood. Unraveling the chemokine-driven communication pathways in this complex process could possibly lead to new therapeutic strategies in wound healing disorders. Methods: We performed a systematic, comprehensive time-course analysis of the expression and function of a broad variety of cytokines, growth factors, adhesion molecules, matrixmetalloproteinases and chemokines in a murine cutaneous wound healing model. Results: Strikingly, chemokines were found to be among the most highly regulated genes and their expression was found to coincide with the expression of their matching receptors. Accordingly, we could show that resting and activated human primary keratinocytes (CCR3, CCR4, CCR6, CXCR1, CXCR3), dermal fibroblasts (CCR3, CCR4, CCR10) and dermal microvascular endothelial cells (CCR3, CCR4, CCR6, CCR8, CCR9, CCR10, CXCR1, CXCR2, CXCR3) express a distinct and functionally active repertoire of chemokine receptors. Furthermore, chemokine ligand-receptor interactions markedly improved the wound repair of structural skin cells in vitro. Conclusion: Taken together, we here present the most comprehensive analysis of mediators critically involved in acute cutaneous wound healing. Our findings suggest therapeutic approaches for the management of wound closure by targeting the chemokine network
- âŠ