218 research outputs found

    Proving the Absence of Microarchitectural Timing Channels

    Microarchitectural timing channels are a major threat to computer security. A set of OS mechanisms called time protection was recently proposed as a principled way of preventing information leakage through such channels and prototyped in the seL4 microkernel. We formalise time protection and the underlying hardware mechanisms in a way that allows linking them to the information-flow proofs that showed the absence of storage channels in seL4. Comment: Scott Buckley and Robert Sison were joint lead authors.

    Cogent: uniqueness types and certifying compilation

    This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations.


    Lassie: HOL4 Tactics by Example

    Proof engineering efforts using interactive theorem proving have yielded several impressive projects in software systems and mathematics. A key obstacle to such efforts is the requirement that the domain expert is also an expert in the low-level details in constructing the proof in a theorem prover. In particular, the user needs to select a sequence of tactics that lead to a successful proof, a task that in general requires knowledge of the exact names and use of a large set of tactics. We present Lassie, a tactic framework for the HOL4 theorem prover that allows individual users to define their own tactic language by example and give frequently used tactics or tactic combinations easier-to-remember names. The core of Lassie is an extensible semantic parser, which allows the user to interactively extend the tactic language through a process of definitional generalization. Defining tactics in Lassie thus does not require any knowledge in implementing custom tactics, while proofs written in Lassie retain the correctness guarantees provided by the HOL4 system. We show through case studies how Lassie can be used in small and larger proofs by novice and more experienced interactive theorem prover users, and how we envision it to ease the learning curve in a HOL4 tutorial.

    Age and sex associate with outcome in older AML and high risk MDS patients treated with 10-day decitabine

    Treatment choice according to the individual conditions remains challenging, particularly in older patients with acute myeloid leukemia (AML) and high risk myelodysplastic syndrome (MDS). The impact of performance status, comorbidities, and physical functioning on survival is not well defined for patients treated with hypomethylating agents. Here we describe the impact of performance status (14% ECOG performance status 2), comorbidity (40% HCT-comorbidity index ≥ 2), and physical functioning (41% short physical performance battery < 9 and 17% ADL index < 6) on overall survival (OS) in 115 older patients (age ≥ 66 years) treated on a clinical trial with a 10-day decitabine schedule. None of the patient-related variables showed a significant association with OS. Multivariable analysis revealed that age > 76 years was significantly associated with reduced OS (HR 1.58; p = 0.043) and female sex was associated with superior OS (HR 0.62; p = 0.06). We further compared the genetic profiles of these subgroups. This revealed comparable mutational profiles in patients younger and older than 76 years, but, interestingly, revealed significantly more prevalent mutated ASXL1, STAG2, and U2AF1 in male compared to female patients. In this cohort of older patients treated with decitabine, age and sex, but not comorbidities, physical functioning or cytogenetic risk, were associated with overall survival.
