Emissions from the combustion of torrefied and raw biomass fuels in a domestic heating stove

Biomass (pellets, briquettes, logs) are a key contributor to many countries' strategies for decarbonising heat, particularly in domestic applications. The emissions from these small devices can be high and severely impact air quality, but their levels depend on the design, control, abatement and fuel options. This paper is concerned with the last case. A comparative study shows the emissions from a domestic wood stove for three biomass fuels and their torrefied counterparts. The fuels were burned in a multi-fuel stove along with two reload batches creating continuous combustion cycles: the initial cold start data is presented but not included in averaging and calculation of emission factors. Measurements were made using an FTIR instrument for carbon and nitrogen based gaseous emissions, particulates were measured using a smoke meter with micro-quartz filters as well as a size-selective impactor to obtain the particle size distribution. Particulate emissions were significantly reduced from the torrefied fuels and this is thought to be related to their pyrolysis fingerprint, which was investigated by pyrolysis-GC–MS. NOx was slightly reduced, despite increased fuel-N after torrefaction. In addition, the reduced moisture in the torrefied fuels decreases emissions of CO and CH4 because of increased time of flaming combustion

Access to palivizumab among children at high risk of respiratory syncytial virus complications in English hospitals

Objectives: Palivizumab is a monoclonal antibody which can prevent infection with respiratory syncytial virus (RSV). Due to its high cost, it is recommended for high-risk infants only. We aimed to determine the proportion of infants eligible for palivizumab treatment in England who receive at least one dose. / Methods: We used the Hospital Treatment Insights database containing hospital admission records linked to hospital pharmacy dispensing data for 43/153 hospitals in England. Infants born between 2010 and 2016 were considered eligible for palivizumab if their medical records indicated chronic lung disease (CLD), congenital heart disease (CHD), or severe immunodeficiency (SCID), and they met additional criteria based on gestational age at birth and age at start of the RSV season (beginning of October). We calculated the proportion of infants who received at least one dose of palivizumab in their first RSV season, and modelled the odds of treatment according to multiple child characteristics using logistic regression models. / Results: We identified 3,712 eligible children, of whom 2,479 (67%) had complete information on all risk factors. Palivizumab was prescribed to 832 of eligible children (34%). Being born at <30 weeks’ gestation, aged <6 months at the start of RSV season, and having two or more of CLD, CHD or SCID were associated with higher odds of treatment. / Conclusion: In England, palivizumab is not prescribed to the majority of children who are eligible to receive it. Doctors managing these infants may be unfamiliar with the eligibility criteria or constrained by other considerations, such as cost

Objective measures of core ADHD symptoms in children and young people in naturalistic settings: A scoping review protocol

This is the final versionObjective: This scoping review aims to understand the range and type of objective measures for Attention-Deficit/ Hyperactivity Disorder (ADHD) in children and young people that could be applied in naturalistic settings. Introduction: Clinicians predominantly rely on interviews and rating scales from multiple sources for ADHD assessment. This is considered the diagnostic “reference standard”, but these are prone to issues such as informant bias and inconsistencies between different sources. Objective measures have been suggested to mitigate these issues. An objective measure is a method that assesses symptoms related to ADHD through non-opinion-based means (e.g., systematic behavioural observation and accelerometers). The data are thought to be less biased and opinion-based than subjective forms of assessment (e.g., interviews, teacher/parent rating scales). A plethora of objective measures have been put forward, with some researchers suggesting that assessments in naturalistic settings are most helpful in diagnosing children and young people. Previous studies have reviewed areas related to this question, but these need updating, focusing on objective measures in naturalistic settings. Methods: Arksey and O’Malley’s scoping review methodology framework will provide the structure of this scoping review. Electronic databases (MEDLINE, EMBASE, British Education Index (BEI), Education Resources Information Centre (ERIC), Education Research Complete, Education Abstracts, Child Development and Adolescent Studies, Psychology and Behavioural Sciences Collection, Cumulative Index to Nursing and Allied Health Literature (CINAHL), APA PsycINFO) and grey literature sources will be searched between 1st December 2021 and 28th February 2022 to identify papers relevant for inclusion. This will be followed by forward and backward citation searches of relevant reference lists. Page 2 Two reviewers will independently screen the titles, abstracts, and full text of papers. Any paper focusing on objective measures of ADHD that could be applied in naturalistic settings will be included. Sociodemographic characteristics of the participants, study characteristics and psychometric properties of the measures will be summarised and reported. Any unexpected data not captured by the data charting sheet may be included if valuable to the research questions. Inclusion criteria: Participants are children and young people aged 18 years old or under, who have been measured for ADHD traits with an objective measure.University of ExeterNational Institute for Health Research (NIHR

CHERI: A hybrid capability-system architecture for scalable software compartmentalization

CHERI extends a conventional RISC Instruction- Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.We thank our colleagues Ross Anderson, Ruslan Bukin, Gregory Chadwick, Steve Hand, Alexandre Joannou, Chris Kitching, Wojciech Koszek, Bob Laddaga, Patrick Lincoln, Ilias Marinos, A Theodore Markettos, Ed Maste, Andrew W. Moore, Alan Mujumdar, Prashanth Mundkur, Colin Rothwell, Philip Paeps, Jeunese Payne, Hassen Saidi, Howie Shrobe, and Bjoern Zeeb, our anonymous reviewers, and shepherd Frank Piessens, for their feedback and assistance. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C- 0237 and FA8750-11-C-0249. The views, opinions, and/or findings contained in this paper are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. We acknowledge the EPSRC REMS Programme Grant [EP/K008528/1], Isaac Newton Trust, UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.This is the author accepted manuscript. The final version is available at http://dx.doi.org/10.1109/SP.2015.

CheriRTOS: A Capability Model for Embedded Devices

Embedded systems are deployed ubiquitously among various sectors including automotive, medical, robotics and avionics. As these devices become increasingly connected, the attack surface also increases tremendously; new mechanisms must be deployed to defend against more sophisticated attacks while not violating resource constraints. In this paper we present CheriRTOS on CHERI-64, a hardware-software platform atop Capability Hardware Enhanced RISC Instructions (CHERI) for embedded systems. Our system provides efficient and scalable task isolation, fast and secure inter-task communication, fine-grained memory safety, and real-time guarantees, using hardware capabilities as the sole protection mechanism. We summarize state-of-the-art se- curity and memory safety for embedded systems for comparison with our platform, illustrating the superior substrate provided by CHERI’s capabilities. Finally, our evaluations show that a capability system can be implemented within the constraints of embedded systems

Fast Protection-Domain Crossing in the CHERI Capability-System Architecture

Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. We also acknowledge the Engineering and Physical Sciences Research Council (EPSRC) REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], EPSRC/ARM iCASE studentship [13220009], Microsoft studentship [MRS2011-031], the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.This is the author accepted manuscript. The final version of the article can be found at: http://ieeexplore.ieee.org/document/7723791

Efficient tagged memory

We characterize the cache behavior of an in-memory tag table and demonstrate that an optimized implementation can typically achieve a near-zero memory traffic overhead. Both industry and academia have repeatedly demonstrated tagged memory as a key mechanism to enable enforcement of powerful security invariants, including capabilities pointer integrity, watchpoints, and information-flow tracking. A single-bit tag shadowspace is the most commonly proposed requirement, as one bit is the minimum metadata needed to distinguish between an untyped data word and any number of new hardware-enforced types. We survey various tag shadowspace approaches and identify their common requirements and positive features of their implementations. To avoid non-standard memory widths, we identify the most practical implementation for tag storage to be an in-memory table managed next to the DRAM controller. We characterize the caching performance of such a tag table and demonstrate a DRAM traffic overhead below 5\% for the vast majority of applications. We identify spatial locality on a page scale as the primary factor that enables surprisingly high table cache-ability. We then demonstrate tag-table compression for a set of common applications. A hierarchical structure with elegantly simple optimizations reduces DRAM traffic overhead to below 1\% for most applications. These insights and optimizations pave the way for commercial applications making use of single-bit tags stored in commodity memory

CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment

The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtual addresses) in a manner that is compatible with, and strengthens, the semantics of the C language. In addition to the spatial protections offered by conventional fat pointers, CHERI capabilities offer strong integrity, enforced provenance validity, and access monotonicity. The stronger guarantees of these architectural capabilities must be reconciled with the real-world behavior of operating systems, run-time environments, and applications. When the process model, user-kernel interactions, dynamic linking, and memory management are all considered, we observe that simple derivation of architectural capabilities is insufficient to describe appropriate access to memory. We bridge this conceptual gap with a notional \emph{abstract capability} that describes the accesses that should be allowed at a given point in execution, whether in the kernel or userspace. To investigate this notion at scale, we describe the first adaptation of a full C-language operating system (FreeBSD) with an enterprise database (PostgreSQL) for complete spatial and referential memory safety. We show that awareness of abstract capabilities, coupled with CHERI architectural capabilities, can provide more complete protection, strong compatibility, and acceptable performance overhead compared with the pre-CHERI baseline and software-only approaches. Our observations also have potentially significant implications for other mitigation techniques.This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (``CTSRD'') and HR0011-18-C-0016 (``ECATS''). The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. We also acknowledge the EPSRC REMS Programme Grant (EP/K008528/1), the ERC ELVER Advanced Grant (789108), Arm Limited, HP Enterprise, and Google, Inc. Approved for Public Release, Distribution Unlimited

Cornucopia: Temporal safety for CHERI heaps

Use-after-free violations of temporal memory safety continue to plague software systems, underpinning many high-impact exploits. The CHERI capability system shows great promise in achieving C and C++ language spatial memory safety, preventing out-of-bounds accesses. Enforcing language-level temporal safety on CHERI requires capability revocation, traditionally achieved either via table lookups (avoided for performance in the CHERI design) or by identifying capabilities in memory to revoke them (similar to a garbage-collector sweep). CHERIvoke, a prior feasibility study, suggested that CHERI’s tagged capabilities could make this latter strategy viable, but modeled only architectural limits and did not consider the full implementation or evaluation of the approach. Cornucopia is a lightweight capability revocation system for CHERI that implements non-probabilistic C/C++ temporal memory safety for standard heap allocations. It extends the CheriBSD virtual-memory subsystem to track capability flow through memory and provides a concurrent kernel-resident revocation service that is amenable to multi-processor and hardware acceleration. We demonstrate an average overhead of less than 2% and a worst-case of 8.9% for concurrent revocation on compatible SPEC CPU2006 benchmarks on a multi-core CHERI CPU on FPGA, and we validate Cornucopia against the Juliet test suite’s corpus of temporally unsafe programs. We test its compatibility with a large corpus of C programs by using a revoking allocator as the system allocator while booting multi-user CheriBSD. Cornucopia is a viable strategy for always-on temporal heap memory safety, suitable for production environments.This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and HR0011-18-C-0016 (“ECATS”). We also acknowledge the EPSRC REMS Programme Grant (EP/K008528/1), the ABP Grant (EP/P020011/1), the ERC ELVER Advanced Grant (789108), the Gates Cambridge Trust, Arm Limited, HP Enterprise, and Google, Inc

The Use of Agricultural Residues, Wood Briquettes and Logs for Small-Scale Domestic Heating

Large amounts of agricultural residues are produced annually in the UK alone, which presents a significant biomass energy resource. It has limited availability in briquetted form in the UK but is widely used, particularly in Asia. The aim of this work is to assess the emission from briquetted agricultural residues to wood fuel, including commercial wood briquettes, when utilised in a 5 kW domestic heating stove. Other straw-type materials, sugarcane bagasse, Miscanthus, were also investigated. The combustion behaviour depended on the chemical and physical nature of the briquettes. Results indicate that fuel choice is an important consideration for emission reduction. Fuel-N directly correlates to emitted NOx and all the fuels studied had NOx emissions below the EU regulation limit. While agricultural residues can be relatively high in Cl and S, there is evidence of in-situ capture of HCl and SO2 by calcium salts in the fuel ash. Particulate emissions correlate with the volatile matter in the fuel, but also are influenced by the quality/durability of the briquette. The briquettes performed well compared to wood logs, and while there is a fuel-type influence on emissions, it is also clear that briquettes from optimised manufacture can be lower emitting than wood logs