Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals

Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it including reading and writing all of system memory. With the popularity of Thunderbolt 3 over USB Type-C and smart internal devices, opportunities for these attacks to be performed casually with only seconds of physical access to a computer have greatly broadened. In response, commodity hardware and operating-system (OS) vendors have incorporated support for Input-Output Memory Management Units (IOMMUs), which impose memory protection on DMA, and are widely believed to protect against DMA attacks. We investigate the state-of-the-art in IOMMU protection across OSes using a novel I/O security research platform, and find that current protections fall short when faced with a functional network peripheral that uses its complex interactions with the OS for ill intent, and demonstrate compromises against macOS, FreeBSD, and Linux, which notionally utilize IOMMUs to protect against DMA attackers. Windows only uses the IOMMU in limited cases and remains vulnerable. Using Thunderclap, an open-source FPGA research platform we built, we explore a number of novel exploit techniques to expose new classes of OS vulnerability. The complex vulnerability space for IOMMU-exposed shared memory available to DMA-enabled peripherals allows attackers to extract private data (sniffing cleartext VPN traffic) and hijack kernel control flow (launching a root shell) in seconds using devices such as USB-C projectors or power adapters. We have worked closely with OS vendors to remedy these vulnerability classes, and they have now shipped substantial feature improvements and mitigations as a result of our work.DARPA I2O FA8750-10-C-0237 ("CTSRD") DARPA MTO HR0011- 18-C-0016 ("ECATS") Arm Ltd Google Inc This work was also supported by EPSRC EP/R012458/1 (“IOSEC”)

Debris Disks: Probing Planet Formation

Debris disks are the dust disks found around ~20% of nearby main sequence stars in far-IR surveys. They can be considered as descendants of protoplanetary disks or components of planetary systems, providing valuable information on circumstellar disk evolution and the outcome of planet formation. The debris disk population can be explained by the steady collisional erosion of planetesimal belts; population models constrain where (10-100au) and in what quantity (>1Mearth) planetesimals (>10km in size) typically form in protoplanetary disks. Gas is now seen long into the debris disk phase. Some of this is secondary implying planetesimals have a Solar System comet-like composition, but some systems may retain primordial gas. Ongoing planet formation processes are invoked for some debris disks, such as the continued growth of dwarf planets in an unstirred disk, or the growth of terrestrial planets through giant impacts. Planets imprint structure on debris disks in many ways; images of gaps, clumps, warps, eccentricities and other disk asymmetries, are readily explained by planets at >>5au. Hot dust in the region planets are commonly found (<5au) is seen for a growing number of stars. This dust usually originates in an outer belt (e.g., from exocomets), although an asteroid belt or recent collision is sometimes inferred.Comment: Invited review, accepted for publication in the 'Handbook of Exoplanets', eds. H.J. Deeg and J.A. Belmonte, Springer (2018

Exploiting open source 3D printer architecture for laboratory robotics to automate high-throughput time-lapse imaging for analytical microbiology

Growth in open-source hardware designs combined with the low-cost of high performance optoelectronic and robotics components has supported a resurgence of in-house custom lab equipment development. We describe a low cost (below USD700), open-source, fully customizable high-throughput imaging system for analytical microbiology applications. The system comprises a Raspberry Pi camera mounted on an aluminium extrusion frame with 3D-printed joints controlled by an Arduino microcontroller running open-source Repetier Host Firmware. The camera position is controlled by simple G-code scripts supplied from a Raspberry Pi singleboard computer and allow customized time-lapse imaging of microdevices over a large imaging area. Open-source OctoPrint software allows remote access and control. This simple yet effective design allows high-throughput microbiology testing in multiple formats including formats for bacterial motility, colony growth, microtitre plates and microfluidic devices termed ‘lab-on-a-comb’ to screen the effects of different culture media components and antibiotics on bacterial growth. The open-source robot design allows customization of the size of the imaging area; the current design has an imaging area of ~420 × 300mm, which allows 29 ‘lab-on-a-comb’ devices to be imaged which is equivalent 3480 individual 1μl samples. The system can also be modified for fluorescence detection using LED and emission filters embedded on the PiCam for more sensitive detection of bacterial growth using fluorescent dyes

Comparison of implementation strategies to influence adherence to the clinical pathway for screening, assessment and management of anxiety and depression in adult cancer patients (ADAPT CP): Study protocol of a cluster randomised controlled trial

© 2018 The Author(s). Background: Health service change is difficult to achieve. One strategy to facilitate such change is the clinical pathway, a guide for clinicians containing a defined set of evidence-based interventions for a specific condition. However, optimal strategies for implementing clinical pathways are not well understood. Building on a strong evidence-base, the Psycho-Oncology Co-operative Research Group (PoCoG) in Australia developed an evidence and consensus-based clinical pathway for screening, assessing and managing cancer-related anxiety and depression (ADAPT CP) and web-based resources to support it - staff training, patient education, cognitive-behavioural therapy and a management system (ADAPT Portal). The ADAPT Portal manages patient screening and prompts staff to follow the recommendations of the ADAPT CP. This study compares the clinical and cost effectiveness of two implementation strategies (varying in resource intensiveness), designed to encourage adherence to the ADAPT CP over a 12-month period. Methods: This cluster randomised controlled trial will recruit 12 cancer service sites, stratified by size (large versus small), and randomised at site level to a standard (Core) versus supported (Enhanced) implementation strategy. After a 3-month period of site engagement, staff training and site tailoring of the ADAPT CP and Portal, each site will "Go-live", implementing the ADAPT CP for 12 months. During the implementation phase, all eligible patients will be introduced to the ADAPT CP as routine care. Patient participants will be registered on the ADAPT Portal to complete screening for anxiety and depression. Staff will be responsible for responding to prompts to follow the ADAPT CP. The primary outcome will be adherence to the ADAPT CP. Secondary outcomes include staff attitudes to and experiences of following the ADAPT CP, using the ADAPT Portal and being exposed to ADAPT implementation strategies, collected using quantitative and qualitative methods. Data will be collected at T0 (baseline, after site engagement), T1 (6 months post Go-live) and T2 (12 months post Go-live). Discussion: This will be the first cluster randomised trial to establish optimal levels of implementation effort and associated costs to achieve successful uptake of a clinical pathway within cancer care. Trial registration: The study was registered prospectively with the ANZCTR on 22/3/2017. Trial ID ACTRN1261700041134

Zircon ages in granulite facies rocks: decoupling from geochemistry above 850 °C?

Granulite facies rocks frequently show a large spread in their zircon ages, the interpretation of which raises questions: Has the isotopic system been disturbed? By what process(es) and conditions did the alteration occur? Can the dates be regarded as real ages, reflecting several growth episodes? Furthermore, under some circumstances of (ultra-)high-temperature metamorphism, decoupling of zircon U–Pb dates from their trace element geochemistry has been reported. Understanding these processes is crucial to help interpret such dates in the context of the P–T history. Our study presents evidence for decoupling in zircon from the highest grade metapelites (> 850 °C) taken along a continuous high-temperature metamorphic field gradient in the Ivrea Zone (NW Italy). These rocks represent a well-characterised segment of Permian lower continental crust with a protracted high-temperature history. Cathodoluminescence images reveal that zircons in the mid-amphibolite facies preserve mainly detrital cores with narrow overgrowths. In the upper amphibolite and granulite facies, preserved detrital cores decrease and metamorphic zircon increases in quantity. Across all samples we document a sequence of four rim generations based on textures. U–Pb dates, Th/U ratios and Ti-in-zircon concentrations show an essentially continuous evolution with increasing metamorphic grade, except in the samples from the granulite facies, which display significant scatter in age and chemistry. We associate the observed decoupling of zircon systematics in high-grade non-metamict zircon with disturbance processes related to differences in behaviour of non-formula elements (i.e. Pb, Th, U, Ti) at high-temperature conditions, notably differences in compatibility within the crystal structure

Transformation and tumorigenicity testing of simian cell lines and evaluation of poliovirus replication

The key role of cell cultures in different scientific fields is worldwide recognized, both as in vitro research models alternative to laboratory animals and substrates for biological production. However, many safety concerns rise from the use of animal/human cell lines that may be tumorigenic, leading to potential adverse contaminations in cell-derived biologicals. In order to evaluate the suitability of 13 different cell lines for Poliovirus vaccine production, safety and quality, in vitro/in vivo tumorigenicity and Poliovirus propagation properties were evaluated. Our results revealed that non-human primate cell lines CYNOM-K1, FRhK-4, 4MBr-5 and 4647 are free of tumorigenic features and represent highly susceptible substrates for attenuated Sabin Poliovirus strains. In particular, FRhK-4 and 4647 cell lines are characterized by a higher in vitro replication, resulting indicated for the use in large-scale production field

B-cell lymphoma in retrieved femoral heads: a long term follow up

<p>Abstract</p> <p>Background</p> <p>A relatively high incidence of pathological conditions in retrieved femoral heads, including a group of patients having low grade B-cell lymphoma, has been described before. At short term follow up none of these patients with low-grade B-cell lymphoma showed evidence of systemic disease. However, the long term follow up of these patients is not known.</p> <p>Methods</p> <p>From November 1994 up to and including December 2005 we screened all femoral heads removed at the time of primary total hip replacement histopathologically and included them in the bone banking protocol according to the guidelines of the American Associations of Tissue Banks (AATB) and the European Association of Musculo-Skeletal Transplantation (EAMST). We determined the percentage of B-cell lymphoma in all femoral heads and in the group that fulfilled all criteria of the bone banking protocol and report on the long-term follow-up.</p> <p>Results</p> <p>Of 852 femoral heads fourteen (1.6%) were highly suspicious for low-grade B-cell lymphoma. Of these 852 femoral heads, 504 were eligible for bone transplantation according to the guidelines of the AATB and the EAMST. Six femoral heads of this group of 504 were highly suspicious for low-grade B-cell lymphoma (1.2%). At long term follow up two (0.2%) of all patients developed systemic malignant disease and one of them needed medical treatment for her condition.</p> <p>Conclusion</p> <p>In routine histopathological screening we found variable numbers of low-grade B-cell lymphoma throughout the years, even in a group of femoral heads that were eligible for bone transplantation. Allogenic transmission of malignancy has not yet been reported on, but surviving viruses are proven to be transmissible. Therefore, we recommend the routine histopathological evaluation of all femoral heads removed at primary total hip arthroplasty as a tool for quality control, whether the femoral head is used for bone banking or not.</p

Global, regional, and national comparative risk assessment of 79 behavioural, environmental and occupational, and metabolic risks or clusters of risks, 1990-2015: a systematic analysis for the Global Burden of Disease Study 2015

SummaryBackground The Global Burden of Diseases, Injuries, and Risk Factors Study 2015 provides an up-to-date synthesis of the evidence for risk factor exposure and the attributable burden of disease. By providing national and subnational assessments spanning the past 25 years, this study can inform debates on the importance of addressing risks in context. Methods We used the comparative risk assessment framework developed for previous iterations of the Global Burden of Disease Study to estimate attributable deaths, disability-adjusted life-years (DALYs), and trends in exposure by age group, sex, year, and geography for 79 behavioural, environmental and occupational, and metabolic risks or clusters of risks from 1990 to 2015. This study included 388 risk-outcome pairs that met World Cancer Research Fund-defined criteria for convincing or probable evidence. We extracted relative risk and exposure estimates from randomised controlled trials, cohorts, pooled cohorts, household surveys, census data, satellite data, and other sources. We used statistical models to pool data, adjust for bias, and incorporate covariates. We developed a metric that allows comparisons of exposure across risk factors—the summary exposure value. Using the counterfactual scenario of theoretical minimum risk level, we estimated the portion of deaths and DALYs that could be attributed to a given risk. We decomposed trends in attributable burden into contributions from population growth, population age structure, risk exposure, and risk-deleted cause-specific DALY rates. We characterised risk exposure in relation to a Socio-demographic Index (SDI). Findings Between 1990 and 2015, global exposure to unsafe sanitation, household air pollution, childhood underweight, childhood stunting, and smoking each decreased by more than 25%. Global exposure for several occupational risks, high body-mass index (BMI), and drug use increased by more than 25% over the same period. All risks jointly evaluated in 2015 accounted for 57·8% (95% CI 56·6–58·8) of global deaths and 41·2% (39·8–42·8) of DALYs. In 2015, the ten largest contributors to global DALYs among Level 3 risks were high systolic blood pressure (211·8 million [192·7 million to 231·1 million] global DALYs), smoking (148·6 million [134·2 million to 163·1 million]), high fasting plasma glucose (143·1 million [125·1 million to 163·5 million]), high BMI (120·1 million [83·8 million to 158·4 million]), childhood undernutrition (113·3 million [103·9 million to 123·4 million]), ambient particulate matter (103·1 million [90·8 million to 115·1 million]), high total cholesterol (88·7 million [74·6 million to 105·7 million]), household air pollution (85·6 million [66·7 million to 106·1 million]), alcohol use (85·0 million [77·2 million to 93·0 million]), and diets high in sodium (83·0 million [49·3 million to 127·5 million]). From 1990 to 2015, attributable DALYs declined for micronutrient deficiencies, childhood undernutrition, unsafe sanitation and water, and household air pollution; reductions in risk-deleted DALY rates rather than reductions in exposure drove these declines. Rising exposure contributed to notable increases in attributable DALYs from high BMI, high fasting plasma glucose, occupational carcinogens, and drug use. Environmental risks and childhood undernutrition declined steadily with SDI; low physical activity, high BMI, and high fasting plasma glucose increased with SDI. In 119 countries, metabolic risks, such as high BMI and fasting plasma glucose, contributed the most attributable DALYs in 2015. Regionally, smoking still ranked among the leading five risk factors for attributable DALYs in 109 countries; childhood underweight and unsafe sex remained primary drivers of early death and disability in much of sub-Saharan Africa. Interpretation Declines in some key environmental risks have contributed to declines in critical infectious diseases. Some risks appear to be invariant to SDI. Increasing risks, including high BMI, high fasting plasma glucose, drug use, and some occupational exposures, contribute to rising burden from some conditions, but also provide opportunities for intervention. Some highly preventable risks, such as smoking, remain major causes of attributable DALYs, even as exposure is declining. Public policy makers need to pay attention to the risks that are increasingly major contributors to global burden. Funding Bill & Melinda Gates Foundation

Multivariable regression analysis in Schistosoma mansoni-infected individuals in the Sudan reveals unique immunoepidemiological profiles in uninfected, egg+ and non-egg+ infected individuals

Background: In the Sudan, Schistosoma mansoni infections are a major cause of morbidity in schoolaged children and infection rates are associated with available clean water sources. During infection, immune responses pass through a Th1 followed by Th2 and Treg phases and patterns can relate to different stages of infection or immunity. Methodology: This retrospective study evaluated immunoepidemiological aspects in 234 individuals(range 4–85 years old) from Kassala and Khartoum states in 2011. Systemic immune profiles(cytokines and immunoglobulins) and epidemiological parameters were surveyed in n = 110 persons presenting patent S. mansoni infections (egg+), n = 63 individuals positive for S. mansoni via PCR in sera but egg negative (SmPCR+) and n = 61 people who were infection-free (Sm uninf). Immunoepidemiological findings were further investigated using two binary multivariable regression analysis. Principal Findings: Nearly all egg+ individuals had no access to latrines and over 90% obtained water via the canal stemming from the Atbara River. With regards to age, infection and an egg+ status was linked to young and adolescent groups. In terms of immunology, S. mansoni infection per se was strongly associated with increased SEA-specific IgG4 but not IgE levels. IL-6, IL-13 and IL-10 were significantly elevated in patently-infected individuals and positively correlated with egg load. In contrast, IL-2 and IL-1β were significantly lower in SmPCR+ individuals when compared to Sm uninf and egg+ groups which was further confirmed during multivariate regression analysis. Conclusions/Significance: Schistosomiasis remains an important public health problem in the Sudan with a high number of patent individuals. In addition, SmPCR diagnostics revealed another cohort of infected individuals with a unique immunological profile and provides an avenue for future studies on non-patent infection states. Future studies should investigate the downstream signalling pathways/mechanisms of IL-2 and IL-1β as potential diagnostic markers in order to distinguish patent from non-patent individuals

Androgen Excess Produces Systemic Oxidative Stress and Predisposes to β-Cell Failure in Female Mice

In women, excess production of the male hormone, testosterone (T), is accompanied by insulin resistance. However, hyperandrogenemia is also associated with β-cell dysfunction and type 2 diabetes raising the possibility that androgen receptor (AR) activation predisposes to β-cell failure. Here, we tested the hypothesis that excess AR activation produces systemic oxidative stress thereby contributing to β-cell failure. We used normal female mice (CF) and mice with androgen resistance by testicular feminization (Tfm). These mice were exposed to androgen excess and a β-cell stress induced by streptozotocin (STZ). We find that following exposure to T, or the selective AR-agonist dehydrotestosterone (DHT), CF mice challenged with STZ, which are normally protected, are prone to β-cell failure and insulin-deficient diabetes. Conversely, T-induced predisposition to β-cell failure is abolished in Tfm mice. We do not observe any proapoptotic effect of DHT alone or in the presence of H2O2 in cultured mouse and human islets. However, we observe that exposure of CF mice to T or DHT provokes systemic oxidative stress, which is eliminated in Tfm mice. This work has significance for hyperandrogenic women; excess activation of AR by testosterone may provoke systemic oxidative stress. In the presence of a prior β-cell stress, this may predispose to β-cell failure