175 research outputs found

    "Biological failure" of the anterior cruciate ligament graft

    Anterior cruciate ligament (ACL) reconstruction has the best chance for success when the graft undergoes extensive biologic remodeling and incorporation after implantation. There are many factors that can lead to graft failure and possible revision surgery. These include patient selection; surgical technique such as graft placement and tensioning; the use of allograft versus autograft; mechanical factors such as secondary restraint laxity; lack of a correct, carefully controlled post-operative rehabilitation program; and biological factors. When a patient presents with knee instability following ligament reconstruction and there is no history of a new trauma or identifiable technical error, biological failure should be considered. However, the biologic response of the grafted tissue is closely linked to the mechanical and biochemical environment into which the graft is placed. Thus, the "biological failure" of the ACL graft is a complex pathological entity whose cause is not fully understood. Failure may be initiated by early extensive graft necrosis, disturbances in revascularization, problems in cell repopulation and proliferation, as well as difficulties in the ligamentization process. However, further study of the biological characterization of a failed graft placed in a correct mechanical environment is warrante

    Fortress: Securing IoT Peripherals with Trusted Execution Environments

    With the increasing popularity of Internet of Things (IoT) devices, securing sensitive user data has emerged as a major challenge. These devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. Such sensitive information is then exposed to potential threats, either from malicious software with high-level access rights or transmitted (sometimes inadvertently) to untrusted cloud services. In this paper, we propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE). Only a minimal set of peripheral driver code, resident within the secure kernel, can access this protected memory area. This design effectively restricts any unauthorised access by system software, including the operating system and hypervisor. The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud. To validate our architectural approach, we provide a proof-of-concept implementation of our design by securing an audio peripheral based on inter-IC sound (I2S), a serial bus to interconnect audio devices. The experimental results show that our design offers a robust security solution with an acceptable computational overhead. Comment: 8 page

    Anatomy of the anterior cruciate ligament

    The anterior cruciate ligament (ACL) is a band of dense connective tissue which courses from the femur to the tibia. The ACL is a key structure in the knee joint, as it resists anterior tibial translation and rotational loads. When the knee is extended, the ACL has a mean length of 32mm and a width of 7-12mm. There are two components of the ACL, the anteromedial bundle (AMB) and the posterolateral bundle (PLB). They are not isometric with the main change being lengthening of the AMB and shortening of the PLB during flexion. The ACL has a microstructure of collagen bundles of multiple types (mostly type I) and a matrix made of a network of proteins, glycoproteins, elastic systems, and glycosaminoglycans with multiple functional interactions. The complex ultrastructural organization and abundant elastic system of the ACL allow it to withstand multiaxial stresses and varying tensile strains. The ACL is innervated by posterior articular branches of the tibial nerve and is vascularized by branches of the middle genicular arter

    Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail

    Traditional email encryption schemes are vulnerable to EFail attacks, which exploit the lack of message authentication by manipulating ciphertexts and exfiltrating plaintext via HTML backchannels. Swiss Post's IncaMail, a secure email service for transmitting legally binding, encrypted, and verifiable emails, counters EFail attacks using an authenticated-encryption with associated data (AEAD) encryption scheme to ensure message privacy and authentication between servers. IncaMail relies on a trusted infrastructure backend and encrypts messages per user policy. This paper presents a revised IncaMail architecture that offloads the majority of cryptographic operations to clients, offering benefits such as reduced computational load and energy footprint, relaxed trust assumptions, and per-message encryption key policies. Our proof-of-concept prototype and benchmarks demonstrate the robustness of the proposed scheme, with client-side WebAssembly-based cryptographic operations yielding significant performance improvements (up to ~14x) over conventional JavaScript implementations. Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 95719

    Attestation Mechanisms for Trusted Execution Environments Demystified

    Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees the genuineness of the code executed against powerful attackers and threats, paving the way for adoption in several sensitive application domains. This paper reviews remote attestation principles and explains how the modern and industrially well-established trusted execution environments Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V solutions, leverage these mechanisms. Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197. arXiv admin note: substantial text overlap with arXiv:2204.0679

    Return to sport after patellar dislocation or following surgery for patellofemoral instability

    Patellofemoral instability may occur in a young population as a result of injury during sporting activities. This review focuses on return to sport after one episode of dislocation treated nonoperatively, as well as after surgery for chronic patellofemoral instability. With or without surgery, only two-thirds of patients return to sports at the same level as prior to injury. A high-quality rehabilitation programme using specific exercises is the key for a safe return to sporting activities. To achieve this goal, recovery of muscle strength and dynamic stability of the lower limbs is crucial. The focus should be directed to strengthen the quadriceps muscle and pelvic stabilizers, as well as lateral trunk muscle training. Patient education and regularly performed home exercises are other key factors that can lead to a successful return to sports. The criteria for a safe return to sports include the absence of pain, no effusion, a complete range of motion, almost symmetrical strength, and excellent dynamic stability. Level of evidence IV

    A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs

    Publish/subscribe systems play a key role in enabling communication between numerous devices in distributed and large-scale architectures. While widely adopted, securing such systems often trades portability for additional integrity and attestation guarantees. Trusted Execution Environments (TEEs) offer a potential solution with enclaves to enhance security and trust. However, application development for TEEs is complex, and many existing solutions are tied to specific TEE architectures, limiting adaptability. Current communication protocols also inadequately manage attestation proofs or expose essential attestation information. This paper introduces a novel approach using WebAssembly to address these issues, a key enabling technology nowadays capturing academia and industry attention. We present the design of a portable and fully attested publish/subscribe middleware system as a holistic approach for trustworthy and distributed communication between various systems. Based on this proposal, we have implemented and evaluated in-depth a fully-fledged publish/subscribe broker running within Intel SGX, compiled in WebAssembly, and built on top of industry-battled frameworks and standards, i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy of attestation information, among other benefits. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker. We open-source the contributions of this work to the research community to facilitate experimental reproducibility. Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 95719