Towards Vulnerability Discovery Using Staged Program Analysis

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs well-formatted bug reports that help developers understand and fix security bugs. Based on the intuition that real-world vulnerabilities manifest themselves across multiple parts of a program, Melange performs both local and global analyses. To scale up to large programs, global analysis is demand-driven. Our prototype detects multiple vulnerability classes in C and C++ code including type confusion, and garbage memory reads. We have evaluated Melange extensively. Our case studies show that Melange scales up to large codebases such as Chromium, is easy-to-use, and most importantly, capable of discovering vulnerabilities in real-world code. Our findings indicate that static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 201

A survey of the treatment and management of patients with severe chronic spontaneous urticaria.

Chronic spontaneous urticaria (CSU) is characterized by the recurrent appearance of weals, angio‐oedema or both, occurring at least twice weekly for longer than 6 weeks.1 It is often managed with antihistamines, but occasionally requires other systemic agents in recalcitrant cases. A cross‐sectional survey was conducted by means of an internet‐based survey tool (Typeform; https://www.typeform.com). Participating consultants with a specialist interest in urticaria were identified through the specialist registers of the British Society of Allergy and Clinical Immunology (BSACI), the Improving Quality in Allergy Services (IQAS) Group and the British Association of Dermatologists (BAD), and invited to take part. The survey content was based on current CSU treatment guidelines from EAACI/GA2LEN/EDF/WAO1 and the British Society for Allergy and Clinical Immunology (BSACI).2 The EAACI/GA2LEN/EDF/WAO guidelines are a joint initiative of the Dermatology Section of the European Academy of Allergy and Clinical Immunology (EAACI), the Global Allergy and Asthma European Network (GA2LEN) (a European Union‐funded network of excellence), the European Dermatology Forum (EDF), and the World Allergy Organization (WAO). To standardize responses, all participants were presented with a case of recalcitrant CSU (failed on maximum dose of nonsedating antihistamines and montelukast), requiring alternative systemic treatment. Questions covered usage of systemic treatments, routine disease severity assessments, adherence to treatment guidelines and perceived barriers to prescribing. Responses (Table 1) were received from 19 UK consultants (26 surveys sent; completion rate 73%), 15 of whom had > 10 years’ experience in the treatment of CSU. The majority were allergy (58%) and dermatology consultants (37%). Of the 19 consultants, 56% provide a dedicated urticaria service, 37% treat both adult and paediatric patients, and the majority (79%) use systemic medications other than antihistamines and montelukast. Omalizumab and ciclosporin were the most commonly used first‐line agents (47% and 27% respectively) (Fig. 1). The majority (84%) of consultants use validated measures to assess disease severity, including the weekly Urticaria Activity Score (UAS‐7, 63%), the Physician Global Assessment (63%), the Patient Global Assessment (44%) and the Dermatology Quality of Life Index (DLQI) (38%). Guidelines are used by 89% to direct their management of CSU, with 50% using the EAACI/GA2LEN/EDF/WAO guideline,1 compared with 31% primarily using the BSACI guideline.2 The main perceived barriers to prescribing systemic medications were potential adverse effects (AEs) (32% strongly agreed), potential long‐term toxicity (26% strongly agreed), cost of treatment (42% strongly agreed), and views expressed by the patient and their family (37% agreed)

Characterization of sebaceous and non-sebaceous cutaneous manifestations in patients with lynch syndrome: a systematic review.

A subset of patients with Lynch Syndrome demonstrates cutaneous manifestations of the disorder. Characterization of these Lynch-related skin lesions could help in early recognition of patients with Lynch Syndrome. A broad search of the literature on OVID Medline and Embase was carried out to capture papers reporting cutaneous manifestations in Lynch Syndrome patients. The results were uploaded into Mendeley reference management software. The PRISMA workflow was used in the literature selection process. In this systematic review, data were collected from 961 cases from 413 studies, including 380 molecularly confirmed Lynch Syndrome cases. The main skin lesions were: Sebaceous adenomas (43%), sebaceous carcinomas (27%), keratoacanthomas (16%), sebaceomas (13%), squamous cell carcinomas (23%), and basal cell carcinomas (10%). MSH2 variants were the most common underlying genotype (72%). Assessment of mismatch repair by immunohistochemistry, microsatellite instability analysis, or both were performed on 328 skin lesions from 220 (58%) molecularly confirmed cases. In those skin lesions, 95% of Immunohistochemistry and 90% of the microsatellite instability test results were concordant with the underlying genotype. Sebaceous skin lesions are well-recognised phenotypic features of Lynch Syndrome. Our results show that squamous and basal cell carcinomas are relatively common in patients with Lynch syndrome; however, available evidence cannot confirm that Lynch syndrome is causal. Immunohistochemistry and/or microsatellite instability testing of skin tumours in patients with a family history of Lynch Syndrome-associated cancers may be a useful approach in identifying patients requiring referral to Clinical Genetics and/or consideration of germline genetic testing for Lynch Syndrome

Extensive mucocutaneous, oesophageal and otic lichen planus secondary to nivolumab therapy

We report a 73‐year‐old female with metastatic renal cell carcinoma who developed a widespread lichenoid reaction following nivolumab treatment. The timeline of the reaction strongly correlated with the nivolumab treatment and subsequent cessation. Our patient had cutaneous, mucosal, otic, ophthalmic and oesophageal involvement, demonstrating the potentially extensive nature of lichenoid reactions to anti‐programmed cell death receptor‐1 (anti‐PD1) therapies. Although lichenoid reactions to anti‐PD1 therapies are now well recognized, there have been no previous reports of otic or oesophageal involvement in the literature. Although cutaneous lichenoid reactions do not tend to be severe or treatment limiting, more widespread systemic lichenoid reactions are challenging to manage, particularly in the context of malignancy. This very unusual case highlights the importance of considering involvement beyond the skin in all lichenoid skin reactions

Validity of instruments to assess students' travel and pedestrian safety

<p>Abstract</p> <p>Background</p> <p>Safe Routes to School (SRTS) programs are designed to make walking and bicycling to school safe and accessible for children. Despite their growing popularity, few validated measures exist for assessing important outcomes such as type of student transport or pedestrian safety behaviors. This research validated the SRTS school travel survey and a pedestrian safety behavior checklist.</p> <p>Methods</p> <p>Fourth grade students completed a brief written survey on how they got to school that day with set responses. Test-retest reliability was obtained 3-4 hours apart. Convergent validity of the SRTS travel survey was assessed by comparison to parents' report. For the measure of pedestrian safety behavior, 10 research assistants observed 29 students at a school intersection for completion of 8 selected pedestrian safety behaviors. Reliability was determined in two ways: correlations between the research assistants' ratings to that of the Principal Investigator (PI) and intraclass correlations (ICC) across research assistant ratings.</p> <p>Results</p> <p>The SRTS travel survey had high test-retest reliability (κ = 0.97, n = 96, p < 0.001) and convergent validity (κ = 0.87, n = 81, p < 0.001). The pedestrian safety behavior checklist had moderate reliability across research assistants' ratings (ICC = 0.48) and moderate correlation with the PI (r = 0.55, p =< 0.01). When two raters simultaneously used the instrument, the ICC increased to 0.65. Overall percent agreement (91%), sensitivity (85%) and specificity (83%) were acceptable.</p> <p>Conclusions</p> <p>These validated instruments can be used to assess SRTS programs. The pedestrian safety behavior checklist may benefit from further formative work.</p

Measurement of the cross-section and charge asymmetry of WW bosons produced in proton-proton collisions at s=8\sqrt{s}=8 TeV with the ATLAS detector

This paper presents measurements of the $W^+ \rightarrow \mu^+\nu$ and $W^- \rightarrow \mu^-\nu$ cross-sections and the associated charge asymmetry as a function of the absolute pseudorapidity of the decay muon. The data were collected in proton--proton collisions at a centre-of-mass energy of 8 TeV with the ATLAS experiment at the LHC and correspond to a total integrated luminosity of 20.2~\mbox{fb^{-1}}. The precision of the cross-section measurements varies between 0.8% to 1.5% as a function of the pseudorapidity, excluding the 1.9% uncertainty on the integrated luminosity. The charge asymmetry is measured with an uncertainty between 0.002 and 0.003. The results are compared with predictions based on next-to-next-to-leading-order calculations with various parton distribution functions and have the sensitivity to discriminate between them.Comment: 38 pages in total, author list starting page 22, 5 figures, 4 tables, submitted to EPJC. All figures including auxiliary figures are available at https://atlas.web.cern.ch/Atlas/GROUPS/PHYSICS/PAPERS/STDM-2017-13

Measurement of χ c1 and χ c2 production with s√ = 7 TeV pp collisions at ATLAS

The prompt and non-prompt production cross-sections for the χ c1 and χ c2 charmonium states are measured in pp collisions at s√ = 7 TeV with the ATLAS detector at the LHC using 4.5 fb−1 of integrated luminosity. The χ c states are reconstructed through the radiative decay χ c → J/ψγ (with J/ψ → μ + μ −) where photons are reconstructed from γ → e + e − conversions. The production rate of the χ c2 state relative to the χ c1 state is measured for prompt and non-prompt χ c as a function of J/ψ transverse momentum. The prompt χ c cross-sections are combined with existing measurements of prompt J/ψ production to derive the fraction of prompt J/ψ produced in feed-down from χ c decays. The fractions of χ c1 and χ c2 produced in b-hadron decays are also measured

Measurements of fiducial and differential cross sections for Higgs boson production in the diphoton decay channel at s√=8 TeV with ATLAS

Measurements of fiducial and differential cross sections are presented for Higgs boson production in proton-proton collisions at a centre-of-mass energy of s√=8 TeV. The analysis is performed in the H → γγ decay channel using 20.3 fb−1 of data recorded by the ATLAS experiment at the CERN Large Hadron Collider. The signal is extracted using a fit to the diphoton invariant mass spectrum assuming that the width of the resonance is much smaller than the experimental resolution. The signal yields are corrected for the effects of detector inefficiency and resolution. The pp → H → γγ fiducial cross section is measured to be 43.2 ±9.4(stat.) − 2.9 + 3.2 (syst.) ±1.2(lumi)fb for a Higgs boson of mass 125.4GeV decaying to two isolated photons that have transverse momentum greater than 35% and 25% of the diphoton invariant mass and each with absolute pseudorapidity less than 2.37. Four additional fiducial cross sections and two cross-section limits are presented in phase space regions that test the theoretical modelling of different Higgs boson production mechanisms, or are sensitive to physics beyond the Standard Model. Differential cross sections are also presented, as a function of variables related to the diphoton kinematics and the jet activity produced in the Higgs boson events. The observed spectra are statistically limited but broadly in line with the theoretical expectations

Search for chargino-neutralino production with mass splittings near the electroweak scale in three-lepton final states in √s=13 TeV pp collisions with the ATLAS detector

A search for supersymmetry through the pair production of electroweakinos with mass splittings near the electroweak scale and decaying via on-shell W and Z bosons is presented for a three-lepton final state. The analyzed proton-proton collision data taken at a center-of-mass energy of √s=13  TeV were collected between 2015 and 2018 by the ATLAS experiment at the Large Hadron Collider, corresponding to an integrated luminosity of 139  fb−1. A search, emulating the recursive jigsaw reconstruction technique with easily reproducible laboratory-frame variables, is performed. The two excesses observed in the 2015–2016 data recursive jigsaw analysis in the low-mass three-lepton phase space are reproduced. Results with the full data set are in agreement with the Standard Model expectations. They are interpreted to set exclusion limits at the 95% confidence level on simplified models of chargino-neutralino pair production for masses up to 345 GeV