SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices

Trusted Execution Environments (TEEs) embedded in IoT devices provide a deployable solution to secure IoT applications at the hardware level. By design, in TEEs, the Trusted Operating System (Trusted OS) is the primary component. It enables the TEE to use security-based design techniques, such as data encryption and identity authentication. Once a Trusted OS has been exploited, the TEE can no longer ensure security. However, Trusted OSes for IoT devices have received little security analysis, which is challenging from several perspectives: (1) Trusted OSes are closed-source and have an unfavorable environment for sending test cases and collecting feedback. (2) Trusted OSes have complex data structures and require a stateful workflow, which limits existing vulnerability detection tools. To address the challenges, we present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices as well as tracking state and code coverage non-invasively. SyzTrust utilizes composite feedback to guide the fuzzer to effectively explore more states as well as to increase the code coverage. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud. These systems run on Cortex M23/33 MCUs, which provide the necessary abstraction for embedded TEEs. We discovered 70 previously unknown vulnerabilities in their Trusted OSes, receiving 10 new CVEs so far. Furthermore, compared to the baseline, SyzTrust has demonstrated significant improvements, including 66% higher code coverage, 651% higher state coverage, and 31% improved vulnerability-finding capability. We report all discovered new vulnerabilities to vendors and open source SyzTrust.Comment: To appear in the IEEE Symposium on Security and Privacy (IEEE S&P) 2024, San Francisco, CA, US

Retrospective evaluation of whole exome and genome mutation calls in 746 cancer samples

Funder: NCI U24CA211006Abstract: The Cancer Genome Atlas (TCGA) and International Cancer Genome Consortium (ICGC) curated consensus somatic mutation calls using whole exome sequencing (WES) and whole genome sequencing (WGS), respectively. Here, as part of the ICGC/TCGA Pan-Cancer Analysis of Whole Genomes (PCAWG) Consortium, which aggregated whole genome sequencing data from 2,658 cancers across 38 tumour types, we compare WES and WGS side-by-side from 746 TCGA samples, finding that ~80% of mutations overlap in covered exonic regions. We estimate that low variant allele fraction (VAF < 15%) and clonal heterogeneity contribute up to 68% of private WGS mutations and 71% of private WES mutations. We observe that ~30% of private WGS mutations trace to mutations identified by a single variant caller in WES consensus efforts. WGS captures both ~50% more variation in exonic regions and un-observed mutations in loci with variable GC-content. Together, our analysis highlights technological divergences between two reproducible somatic variant detection efforts

Mussel-inspired HA@TA-CS/SA biomimetic 3D printed scaffolds with antibacterial activity for bone repair

Bacterial infection is a major challenge that could threaten the patient’s life in repairing bone defects with implant materials. Developing functional scaffolds with an intelligent antibacterial function that can be used for bone repair is very important. We constructed a drug delivery (HA@TA-CS/SA) scaffold with curcumin-loaded dendritic mesoporous organic silica nanoparticles (DMON@Cur) via 3D printing for antibacterial bone repair. Inspired by the adhesion mechanism of mussels, the HA@TA-CS/SA scaffold of hydroxyapatite (HA) and chitosan (CS) is bridged by tannic acid (TA), which in turn binds sodium alginate (SA) using electrostatic interactions. The results showed that the HA@TA-CS/SA composite scaffold had better mechanical properties compared with recent literature data, reaching 68.09 MPa. It displayed excellent degradation and mineralization capabilities with strong biocompatibility in vitro. Furthermore, the antibacterial test results indicated that the curcumin-loaded scaffold inhibited S.aureus and E.coli with 99.99% and 96.56% effectiveness, respectively. These findings show that 3D printed curcumin-loaded HA@TA-CS/SA scaffold has considerable promise for bone tissue engineering

Additional file 1 of A novel TCGA-validated programmed cell-death-related signature of ovarian cancer

Supplementary Material