6 research outputs found

    Reins to the Cloud: Compromising Cloud Systems via the Data Plane

    No full text
    Virtual switches have become popular among cloud operating systems to interconnect virtual machines in a more flexible manner. However, this paper demonstrates that virtual switches introduce new attack surfaces in cloud setups, whose effects can be disastrous. Our analysis shows that these vulnerabilities are caused by: (1) inappropriate security assumptions (privileged virtual switch execution in kernel and user space), (2) the logical centralization of such networks (e.g., OpenStack or SDN), (3) the presence of bi-directional communication channels between data plane systems and the centralized controller, and (4) non-standard protocol parsers. Our work highlights the need to accommodate the data plane(s) in our threat models. In particular, it forces us to revisit today's assumption that the data plane can only be compromised by a sophisticated attacker: we show that compromising the data plane of modern computer networks can actually be performed by a very simple attacker with limited resources only and at low cost (i.e., at the cost of renting a virtual machine in the Cloud). As a case study, we fuzzed only 2\% of the code-base of a production quality virtual switch's packet processor (namely OvS), identifying serious vulnerabilities leading to unauthenticated remote code execution. In particular, we present the "rein worm" which allows us to fully compromise test-setups in less than 100 seconds. We also evaluate the performance overhead of existing mitigations such as ASLR, PIEs, and unconditional stack canaries on OvS. We find that while applying these countermeasures in kernel-space incurs a significant overhead, in user-space the performance overhead is negligible

    Different features of Vδ2 T and NK cells in fatal and non-fatal human Ebola infections

    No full text
    Background: Human Ebola infection is characterized by a paralysis of the immune system. A signature of αβ T cells in fatal Ebola infection has been recently proposed, while the involvement of innate immune cells in the protection/pathogenesis of Ebola infection is unknown. Aim of this study was to analyze γδ T and NK cells in patients from the Ebola outbreak of 2014–2015 occurred in West Africa, and to assess their association with the clinical outcome. Methodology/Principal findings: Nineteen Ebola-infected patients were enrolled at the time of admission to the Ebola Treatment Centre in Guinea. Patients were divided in two groups on the basis of the clinical outcome. The analysis was performed by using multiparametric flow cytometry established by the European Mobile Laboratory in the field. A low frequency of Vδ2 T-cells was observed during Ebola infection, independently from the clinical outcome. Moreover, Vδ2 T-cells from Ebola patients massively expressed CD95 apoptotic marker, suggesting the involvement of apoptotic mechanisms in Vδ2 T-cell loss. Interestingly, Vδ2 T-cells from survivors expressed an effector phenotype and presented a lower expression of the CTLA-4 exhaustion marker than fatalities, suggesting a role of effector Vδ2 T-cells in the protection. Furthermore, patients with fatal Ebola infection were characterized by a lower NK cell frequency than patients with non fatal infection. In particular, both CD56brightand CD56dimNK frequency were very low both in fatal and non fatal infections, while a higher frequency of CD56negNK cells was associated to non-fatal infections. Finally, NK activation and expression of NKp46 and CD158a were independent from clinical outcome. Conclusions/Significances: Altogether, the data suggest that both effector Vδ2 T-cells and NK cells may play a role in the complex network of protective response to EBOV infection. Further studies are required to characterize the protective effector functions of Vδ2 and NK cells

    J Infect Dis

    Get PDF
    BACKGROUND: In 2015, the laboratory at the Ebola treatment center in Coyah, Guinea, confirmed Ebola virus disease (EVD) in 286 patients. Cycle threshold (Ct) in the Ebola virus RT-PCR and 13 blood chemistry parameters were measured on admission and during hospitalization. Favipiravir treatment was offered to EVD patients on compassionate use basis. METHODS: To reduce biases in the raw field data, we carefully selected 163 of the 286 EVD patients for a retrospective study to assess associations between potential risk factors, alterations in blood chemistry, favipiravir treatment, and outcome. RESULTS: The case fatality rate in favipiravir-treated patients was lower than in untreated patients (31/73 [42.5%] vs. 52/90 [57.8%], p = 0.053 in univariate analysis). In the multivariate regression analysis, higher Ct value and younger age were associated with survival (p <0.001), while favipiravir treatment showed no statistically significant effect (p = 0.11). However, Kaplan-Meier analysis indicated a longer survival time in the favipiravir-treated group (p = 0.015). The study also showed characteristic changes in blood chemistry in fatal cases vs. survivors. CONCLUSIONS: Consistent with the JIKI trial, this retrospective study reveals a trend toward improved survival in favipiravir-treated patients; however, the effect was not statistically significant except for survival time

    The problem of convexity of Chebyshev sets

    No full text
    corecore