595 research outputs found
Monorail/Foxa2 regulates floorplate differentiation and specification of oligodendrocytes, serotonergic raphe neurones and cranial motoneurones
In this study, we elucidate the roles of the winged-helix transcription factor Foxa2 in ventral CNS development in zebrafish. Through cloning of monorail (mol), which we find encodes the transcription factor Foxa2, and phenotypic analysis of mol(-/-) embryos, we show that floorplate is induced in the absence of Foxa2 function but fails to further differentiate. In mol(-/-) mutants, expression of Foxa and Hh family genes is not maintained in floorplate cells and lateral expansion of the floorplate fails to occur. Our results suggest that this is due to defects both in the regulation of Hh activity in medial floorplate cells as well as cell-autonomous requirements for Foxa2 in the prospective laterally positioned floorplate cells themselves. Foxa2 is also required for induction and/or patterning of several distinct cell types in the ventral CNS. Serotonergic neurones of the raphe nucleus and the trochlear motor nucleus are absent in mol(-/-) embryos, and oculomotor and facial motoneurones ectopically occupy ventral CNS midline positions in the midbrain and hindbrain. There is also a severe reduction of prospective oligodendrocytes in the midbrain and hindbrain. Finally, in the absence of Foxa2, at least two likely Hh pathway target genes are ectopically expressed in more dorsal regions of the midbrain and hindbrain ventricular neuroepithelium, raising the possibility that Foxa2 activity may normally be required to limit the range of action of secreted Hh proteins
Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process
The root causes of many security vulnerabilities include a pernicious combination of two problems, often regarded as inescapable aspects of computing. First, the protection mechanisms provided by the mainstream processor architecture and C/C++ language abstractions, dating back to the 1970s and before, provide only coarse-grain virtual-memory-based protection. Second, mainstream system engineering relies almost exclusively on test-and-debug methods, with (at best) prose specifications. These methods have historically sufficed commercially for much of the computer industry, but they fail to prevent large numbers of exploitable bugs, and the security problems that this causes are becoming ever more acute.
In this paper we show how more rigorous engineering methods can be applied to the development of a new security-enhanced processor architecture, with its accompanying hardware implementation and software stack. We use formal models of the complete instruction-set architecture (ISA) at the heart of the design and engineering process, both in lightweight ways that support and improve normal engineering practice -- as documentation, in emulators used as a test oracle for hardware and for running software, and for test generation -- and for formal verification. We formalise key intended security properties of the design, and establish that these hold with mechanised proof. This is for the same complete ISA models (complete enough to boot operating systems), without idealisation.
We do this for CHERI, an architecture with hardware capabilities that supports fine-grained memory protection and scalable secure compartmentalisation, while offering a smooth adoption path for existing software. CHERI is a maturing research architecture, developed since 2010, with work now underway on an Arm industrial prototype to explore its possible adoption in mass-market commercial processors. The rigorous engineering work described here has been an integral part of its development to date, enabling more rapid and confident experimentation, and boosting confidence in the design. This work was supported by EPSRC programme grant EP/K008528/1 (REMS: Rigorous Engineering for Mainstream Systems). This work was supported by a Gates studentship (Nienhuis). This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement 789108, ELVER). This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (CTSRD), HR0011-18-C-0016 (ECATS), and FA8650-18-C-7809 (CIFV).
CHERI: A hybrid capability-system architecture for scalable software compartmentalization
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications. We thank our colleagues Ross Anderson, Ruslan Bukin, Gregory Chadwick, Steve Hand, Alexandre Joannou, Chris Kitching, Wojciech Koszek, Bob Laddaga, Patrick Lincoln, Ilias Marinos, A Theodore Markettos, Ed Maste, Andrew W. Moore, Alan Mujumdar, Prashanth Mundkur, Colin Rothwell, Philip Paeps, Jeunese Payne, Hassen Saidi, Howie Shrobe, and Bjoern Zeeb, our anonymous reviewers, and shepherd Frank Piessens, for their feedback and assistance. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. The views, opinions, and/or findings contained in this paper are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. We acknowledge the EPSRC REMS Programme Grant [EP/K008528/1], Isaac Newton Trust, UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc. This is the author accepted manuscript. The final version is available at http://dx.doi.org/10.1109/SP.2015.
Molecular biology of breast cancer metastasis: The use of mathematical models to determine relapse and to predict response to chemotherapy in breast cancer
Breast cancer mortality rates have shown only modest improvement despite the advent of effective chemotherapeutic agents which have been administered to a large percentage of women with breast cancer. In an effort to improve breast cancer treatment strategies, a variety of mathematical models have been developed that describe the natural history of breast cancer and the effects of treatment on the cancer. These models help researchers to develop, quantify, and test various treatment hypotheses quickly and efficiently. The present review discusses several of these models, with a focus on how they have been used to predict the initiation time of metastatic growth, the effect of operative therapy on the growth of metastases, and the optimal administration strategy for chemotherapy
Mathematical modeling of the metastatic process
Mathematical modeling in cancer has been growing in popularity and impact since its inception in 1932. The first theoretical mathematical modeling in cancer research was focused on understanding tumor growth laws and has grown to include the competition between healthy and normal tissue, carcinogenesis, therapy and metastasis. It is the latter topic, metastasis, on which we will focus this short review, specifically discussing various computational and mathematical models of different portions of the metastatic process, including: the emergence of the metastatic phenotype, the timing and size distribution of metastases, the factors that influence the dormancy of micrometastases and patterns of spread from a given primary tumor. Comment: 24 pages, 6 figures, Revie
Fast Protection-Domain Crossing in the CHERI Capability-System Architecture
Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. We also acknowledge the Engineering and Physical Sciences Research Council (EPSRC) REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], EPSRC/ARM iCASE studentship [13220009], Microsoft studentship [MRS2011-031], the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc. This is the author accepted manuscript. The final version of the article can be found at: http://ieeexplore.ieee.org/document/7723791
CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtual addresses) in a manner that is compatible with, and strengthens, the semantics of the C language. In addition to the spatial protections offered by conventional fat pointers, CHERI capabilities offer strong integrity, enforced provenance validity, and access monotonicity. The stronger guarantees of these architectural capabilities must be reconciled with the real-world behavior of operating systems, run-time environments, and applications. When the process model, user-kernel interactions, dynamic linking, and memory management are all considered, we observe that simple derivation of architectural capabilities is insufficient to describe appropriate access to memory. We bridge this conceptual gap with a notional abstract capability that describes the accesses that should be allowed at a given point in execution, whether in the kernel or userspace. To investigate this notion at scale, we describe the first adaptation of a full C-language operating system (FreeBSD) with an enterprise database (PostgreSQL) for complete spatial and referential memory safety. We show that awareness of abstract capabilities, coupled with CHERI architectural capabilities, can provide more complete protection, strong compatibility, and acceptable performance overhead compared with the pre-CHERI baseline and software-only approaches. Our observations also have potentially significant implications for other mitigation techniques. This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and HR0011-18-C-0016 (“ECATS”). The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. We also acknowledge the EPSRC REMS Programme Grant (EP/K008528/1), the ERC ELVER Advanced Grant (789108), Arm Limited, HP Enterprise, and Google, Inc. Approved for Public Release, Distribution Unlimited
Experimental glomerulonephritis induced by hydrocarbon exposure: A systematic review
BACKGROUND: Much epidemiological evidence suggests that hydrocarbon exposure may induce glomerulonephritis and worsen its course in many patients. The mechanisms are unknown, however, no specific microscopic pattern has been identified, and it has also been argued that hydrocarbon exposure causes tubular damage mainly. Studying experimental animals may best answer these questions, and as no systematic review of glomerulonephritis produced experimentally by hydrocarbon exposure has been performed previously, I found it relevant to search for and analyse such studies. METHODS: Animal experiments having mimicked human glomerulonephritis by hydrocarbon exposure were sought on Medline and Toxnet. RESULTS: Twenty-six experiments using thirteen different hydrocarbons were identified. Several human subtypes were observed including IgA nephritis, mesangial, proliferative and extracapillary glomerulonephritis, focal and focal-segmental sclerosis, minimal change nephropathy, anti-GBM and anti-TBM nephritis, and glomerulonephritis associated with periarteritis nodosa. Glomerular proteinuria was seen in 10/12 experiments that included urine analyses, and renal failure in 5/8 experiments that included measurements of glomerular function. All experiments resulted in various degrees of tubular damage as well. In most studies, where the animals were examined at different times during or after the exposure, the renal microscopic and functional changes were seen immediately, whereas deposits of complement and immunoglobulins appeared late in the course, if at all. CONCLUSION: These experiments are in accord with epidemiological evidence that hydrocarbon exposure may cause glomerulonephritis and worsen renal function. Probable mechanisms include an induction of autologous antibodies and a disturbance of normal immunological functions. Also, tubular damage may increase postglomerular resistance, resulting in a glomerular deposition of macromolecules. In most models a causal role of glomerular immune complex formation was unlikely, but may rather have been a secondary phenomenon. As most glomerulonephritis subgroups were seen and as some of the hydrocarbons produced more than one subgroup, the microscopic findings in a patient cannot be used as a clue to the causation of his disease. By the same reason, the lack of a specific histological pattern in patients with glomerulonephritis assumed to have been caused by hydrocarbon exposure is not contradictive
Cornucopia: Temporal safety for CHERI heaps
Use-after-free violations of temporal memory safety continue to plague software systems, underpinning many high-impact exploits. The CHERI capability system shows great promise in achieving C and C++ language spatial memory safety, preventing out-of-bounds accesses. Enforcing language-level temporal safety on CHERI requires capability revocation, traditionally achieved either via table lookups (avoided for performance in the CHERI design) or by identifying capabilities in memory to revoke them (similar to a garbage-collector sweep). CHERIvoke, a prior feasibility study, suggested that CHERI’s tagged capabilities could make this latter strategy viable, but modeled only architectural limits and did not consider the full implementation or evaluation of the approach. Cornucopia is a lightweight capability revocation system for CHERI that implements non-probabilistic C/C++ temporal memory safety for standard heap allocations. It extends the CheriBSD virtual-memory subsystem to track capability flow through memory and provides a concurrent kernel-resident revocation service that is amenable to multi-processor and hardware acceleration. We demonstrate an average overhead of less than 2% and a worst-case of 8.9% for concurrent revocation on compatible SPEC CPU2006 benchmarks on a multi-core CHERI CPU on FPGA, and we validate Cornucopia against the Juliet test suite’s corpus of temporally unsafe programs. We test its compatibility with a large corpus of C programs by using a revoking allocator as the system allocator while booting multi-user CheriBSD. Cornucopia is a viable strategy for always-on temporal heap memory safety, suitable for production environments. This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and HR0011-18-C-0016 (“ECATS”). We also acknowledge the EPSRC REMS Programme Grant (EP/K008528/1), the ABP Grant (EP/P020011/1), the ERC ELVER Advanced Grant (789108), the Gates Cambridge Trust, Arm Limited, HP Enterprise, and Google, Inc
Predictive factor for the response to adjuvant therapy with emphasis in breast cancer
One of the major challenges of early-stage breast cancer is to select the adjuvant therapy that ensures the most benefits and the least harm for the patient. The definition of accurate predictive factors is therefore of paramount importance. So far the choice of adjuvant therapy has been based on the number of affected lymph nodes and the hormone receptor status of the patient. This paper evaluates the use of other tumor-related markers as predictive factors for adjuvant therapy. These include HER2, p53 and Bcl-2, cathepsin B, p27, proliferating cell nuclear antigen (PCNA), cyclin D, Ki-67, and vascular endothelial growth factor (VEGF)