SMoTherSpectre: exploiting speculative execution through port contention

Spectre, Meltdown, and related attacks have demonstrated that kernels, hypervisors, trusted execution environments, and browsers are prone to information disclosure through micro-architectural weaknesses. However, it remains unclear as to what extent other applications, in particular those that do not load attacker-provided code, may be impacted. It also remains unclear as to what extent these attacks are reliant on cache-based side channels. We introduce SMoTherSpectre, a speculative code-reuse attack that leverages port-contention in simultaneously multi-threaded processors (SMoTher) as a side channel to leak information from a victim process. SMoTher is a fine-grained side channel that detects contention based on a single victim instruction. To discover real-world gadgets, we describe a methodology and build a tool that locates SMoTher-gadgets in popular libraries. In an evaluation on glibc, we found hundreds of gadgets that can be used to leak information. Finally, we demonstrate proof-of-concept attacks against the OpenSSH server, creating oracles for determining four host key bits, and against an application performing encryption using the OpenSSL library, creating an oracle which can differentiate a bit of the plaintext through gadgets in libcrypto and glibc

Time Protection: the Missing OS Abstraction

Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors

DNA metabarcoding as a marine conservation and management tool: A circumpolar examination of fishery discards in the diet of threatened albatrosses

Almost all of the world's fisheries overlap spatially and temporally with foraging seabirds, with impacts that range from food supplementation (through scavenging behind vessels), to resource competition and incidental mortality. The nature and extent of interactions between seabirds and fisheries vary, as does the level and efficacy of management and mitigation. Seabird dietary studies provide information on prey diversity and often identify species that are also caught in fisheries, providing evidence of linkages which can be used to improve ecosystem based management of fisheries. However, species identification of fish can be difficult with conventional dietary techniques. The black-browed albatross (Thalassarche melanophris) has a circumpolar distribution and has suffered major population declines due primarily to incidental mortality in fisheries. We use DNA metabarcoding of black-browed albatross scats to investigate their fish prey during the breeding season at six sites across their range, over two seasons. We identify the spatial and temporal diversity of fish in their diets and overlaps with fisheries operating in adjacent waters. Across all sites, 51 fish species from 33 families were identified, with 23 species contributing >10% of the proportion of samples or sequences at any site. There was extensive geographic variation but little inter-annual variability in fish species consumed. Several fish species that are not easily accessible to albatross, but are commercially harvested or by-caught, were detected in the albatross diet during the breeding season. This was particularly evident at the Falkland Islands and Iles Kerguelen where higher fishery catch amounts (or discard amounts where known) corresponded to higher occurrence of these species in diet samples. This study indicates ongoing interactions with fisheries through consumption of fishery discards, increasing the risk of seabird mortality. Breeding success was higher at sites where fisheries discards were detected in the diet, highlighting the need to minimize discarding to reduce impacts on the ecosystem. DNA metabarcoding provides a valuable non-invasive tool for assessing the fish prey of seabirds across broad geographic ranges. This provides an avenue for fishery resource managers to assess compliance of fisheries with discard policies and the level of interaction with scavenging seabirds

Performance of a novel left ventricular lead with short bipolar spacing for cardiac resynchronization therapy: Primary results of the Attain Performa Quadripolar Left Ventricular Lead Study

n/

Gradients of genetic diversity and differentiation across the distribution range of a Mediterranean coral: Patterns, processes and conservation implications

Aim: How historical and contemporary eco-evolutionary processes shape the patterns of genetic diversity and þÿdifferentiation across species distribution range remain Focusing on the orange stony coral, Astroides calycularis, we (a) characterized the pattern of neutral genetic diversity across the distribution range; (b) gave insights into the underlying processes; and (c) discussed conservation implications with emphasis on a national park located on a hotspot of genetic diversity. Location: South Mediterranean Sea and Zembra National Park. Methods: We combined new data from 12 microsatellites in 13 populations located in the Centre and in the Western Periphery of the distribution range with a published dataset including 16 populations from the Western and Eastern Peripheries. We analysed the relationship among parameters of genetic diversity (He, Ar(g)) and structure (population-specific FST) and two measures of geographic peripherality. We compared two estimators of pairwise genetic structure (GST, DEST) across the distribution range. The evolutionary and demographic history of the populations following the Last Glacial Maximum was reconstructed using approximate Bayesian computations and maximum-likelihood analyses. We inferred the contemporary connectivity among populations from Zembra National Park and with the neighbouring area of Cap Bon. Results: We demonstrate a decrease in genetic diversity and an increase in genetic differentiation from the Centre to the Eastern and Western Peripheries of the distribution range. Populations from Zembra show the highest genetic diversity reported in the species. We identified a spillover effect towards Cap Bon. Main conclusions: The patterns of genetic diversity and þÿdifferentiation are most likely explained by the postglacial range expansion hypothesis rather than the þÿ central peripheral hypothesis. Enforcement of conservatio

CD1b-restricted GEM T cell responses are modulated by Mycobacterium tuberculosis mycolic acid meromycolate chains

Tuberculosis, caused by Mycobacterium tuberculosis, remains a major human pandemic. Germline-encoded mycolyl lipid-reactive (GEM) T cells are donor-unrestricted and recognize CD1b-presented mycobacterial mycolates. However, the molecular requirements governing mycolate antigenicity for the GEM T cell receptor (TCR) remain poorly understood. Here, we demonstrate CD1b expression in tuberculosis granulomas and reveal a central role for meromycolate chains in influencing GEM-TCR activity. Meromycolate fine structure influences T cell responses in TB-exposed individuals, and meromycolate alterations modulate functional responses by GEM-TCRs. Computational simulations suggest that meromycolate chain dynamics regulate mycolate head group movement, thereby modulating GEM-TCR activity. Our findings have significant implications for the design of future vaccines that target GEM T cells

Viral Load Levels Measured at Set-Point Have Risen Over the Last Decade of the HIV Epidemic in the Netherlands

HIV-1 RNA plasma concentration at viral set-point is associated not only with disease outcome but also with the transmission dynamics of HIV-1. We investigated whether plasma HIV-1 RNA concentration and CD4 cell count at viral set-point have changed over time in the HIV epidemic in the Netherlands.We selected 906 therapy-naïve patients with at least one plasma HIV-1 RNA concentration measured 9 to 27 months after estimated seroconversion. Changes in HIV-1 RNA and CD4 cell count at viral set-point over time were analysed using linear regression models. The ATHENA national observational cohort contributed all patients who seroconverted in or after 1996; the Amsterdam Cohort Studies (ACS) contributed seroconverters before 1996. The mean of the first HIV-1 RNA concentration measured 9-27 months after seroconversion was 4.30 log(10) copies/ml (95% CI 4.17-4.42) for seroconverters from 1984 through 1995 (n = 163); 4.27 (4.16-4.37) for seroconverters 1996-2002 (n = 232), and 4.59 (4.52-4.66) for seroconverters 2003-2007 (n = 511). Compared to patients seroconverting between 2003-2007, the adjusted mean HIV-1 RNA concentration at set-point was 0.28 log(10) copies/ml (95% CI 0.16-0.40; p<0.0001) and 0.26 (0.11-0.41; p = 0.0006) lower for those seroconverting between 1996-2002 and 1984-1995, respectively. Results were robust regardless of type of HIV-1 RNA assay, HIV-1 subtype, and interval between measurement and seroconversion. CD4 cell count at viral set-point declined over calendar time at approximately 5 cells/mm(3)/year.The HIV-1 RNA plasma concentration at viral set-point has increased over the last decade of the HIV epidemic in the Netherlands. This is accompanied by a decreasing CD4 cell count over the period 1984-2007 and may have implications for both the course of the HIV infection and the epidemic

Observation of an Excited Bc+ State

Using pp collision data corresponding to an integrated luminosity of 8.5 fb-1 recorded by the LHCb experiment at center-of-mass energies of s=7, 8, and 13 TeV, the observation of an excited Bc+ state in the Bc+π+π- invariant-mass spectrum is reported. The observed peak has a mass of 6841.2±0.6(stat)±0.1(syst)±0.8(Bc+) MeV/c2, where the last uncertainty is due to the limited knowledge of the Bc+ mass. It is consistent with expectations of the Bc∗(2S31)+ state reconstructed without the low-energy photon from the Bc∗(1S31)+→Bc+γ decay following Bc∗(2S31)+→Bc∗(1S31)+π+π-. A second state is seen with a global (local) statistical significance of 2.2σ (3.2σ) and a mass of 6872.1±1.3(stat)±0.1(syst)±0.8(Bc+) MeV/c2, and is consistent with the Bc(2S10)+ state. These mass measurements are the most precise to date