559 research outputs found

    CHERI: a research platform deconflating hardware virtualisation and protection

    Contemporary CPU architectures conflate virtualization and protection, imposing virtualization-related performance, programmability, and debuggability penalties on software requiring fine-grained protection. First observed in micro-kernel research, these problems are increasingly apparent in recent attempts to mitigate software vulnerabilities through application compartmentalisation. Capability Hardware Enhanced RISC Instructions (CHERI) extend RISC ISAs to support greater software compartmentalisation. CHERI’s hybrid capability model provides fine-grained compartmentalisation within address spaces while maintaining software backward compatibility, which will allow the incremental deployment of fine-grained compartmentalisation in both our most trusted and least trustworthy C-language software stacks. We have implemented a 64-bit MIPS research soft core, BERI, as well as a capability coprocessor, and begun adapting commodity software packages (FreeBSD and Chromium) to execute on the platform

    CHERI: A hybrid capability-system architecture for scalable software compartmentalization

    CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications. We thank our colleagues Ross Anderson, Ruslan Bukin, Gregory Chadwick, Steve Hand, Alexandre Joannou, Chris Kitching, Wojciech Koszek, Bob Laddaga, Patrick Lincoln, Ilias Marinos, A Theodore Markettos, Ed Maste, Andrew W. Moore, Alan Mujumdar, Prashanth Mundkur, Colin Rothwell, Philip Paeps, Jeunese Payne, Hassen Saidi, Howie Shrobe, and Bjoern Zeeb, our anonymous reviewers, and shepherd Frank Piessens, for their feedback and assistance. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. The views, opinions, and/or findings contained in this paper are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. We acknowledge the EPSRC REMS Programme Grant [EP/K008528/1], Isaac Newton Trust, UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc. This is the author accepted manuscript. The final version is available at http://dx.doi.org/10.1109/SP.2015.

    Fast Protection-Domain Crossing in the CHERI Capability-System Architecture

    Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. We also acknowledge the Engineering and Physical Sciences Research Council (EPSRC) REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], EPSRC/ARM iCASE studentship [13220009], Microsoft studentship [MRS2011-031], the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc. This is the author accepted manuscript. The final version of the article can be found at: http://ieeexplore.ieee.org/document/7723791

    The plight of the sense-making ape

    This is a selective review of the published literature on object-choice tasks, where participants use directional cues to find hidden objects. This literature comprises the efforts of researchers to make sense of the sense-making capacities of our nearest living relatives. This chapter is written to highlight some nonsensical conclusions that frequently emerge from this research. The data suggest that when apes are given approximately the same sense-making opportunities as we provide our children, then they will easily make sense of our social signals. The ubiquity of nonsensical contemporary scientific claims to the effect that humans are essentially--or inherently--more capable than other great apes in the understanding of simple directional cues is, itself, a testament to the power of preconceived ideas on human perception

    Contribution of Cystine-Glutamate Antiporters to the Psychotomimetic Effects of Phencyclidine

    Altered glutamate signaling contributes to a myriad of neural disorders, including schizophrenia. While synaptic levels are intensely studied, nonvesicular release mechanisms, including cystine–glutamate exchange, maintain high steady-state glutamate levels in the extrasynaptic space. The existence of extrasynaptic receptors, including metabotropic group II glutamate receptors (mGluR), poses nonvesicular release mechanisms as unrecognized targets capable of contributing to pathological glutamate signaling. We tested the hypothesis that activation of cystine–glutamate antiporters using the cysteine prodrug N-acetylcysteine would blunt psychotomimetic effects in the rodent phencyclidine (PCP) model of schizophrenia. First, we demonstrate that PCP elevates extracellular glutamate in the prefrontal cortex, an effect that is blocked by N-acetylcysteine pretreatment. To determine the relevance of the above finding, we assessed social interaction and found that N-acetylcysteine reverses social withdrawal produced by repeated PCP. In a separate paradigm, acute PCP resulted in working memory deficits assessed using a discrete trial t-maze task, and this effect was also reversed by N-acetylcysteine pretreatment. The capacity of N-acetylcysteine to restore working memory was blocked by infusion of the cystine–glutamate antiporter inhibitor (S)-4-carboxyphenylglycine into the prefrontal cortex or systemic administration of the group II mGluR antagonist LY341495, indicating that the effects of N-acetylcysteine require cystine–glutamate exchange and group II mGluR activation. Finally, protein levels from postmortem tissue obtained from schizophrenic patients revealed significant changes in the level of xCT, the active subunit for cystine–glutamate exchange, in the dorsolateral prefrontal cortex. These data advance cystine–glutamate antiporters as novel targets capable of reversing the psychotomimetic effects of PCP

    Low back pain as the presenting sign in a patient with primary extradural melanoma of the thoracic spine - A metastatic disease 17 Years after complete surgical resection

    Primary spinal melanomas are extremely rare lesions. In 1906, Hirschberg reported the first primary spinal melanoma, and since then only 40 new cases have been reported. A 47-year-old man was admitted suffering from low back pain, fatigue and loss of body weight persisting for three months. He had a 17-year-old history of an operated primary spinal melanoma from T7-T9, which had remained stable for these 17 years. Routine laboratory findings and clinical symptoms aroused suspicion of a metastatic disease. Multislice computed tomography and magnetic resonance imaging revealed stage-IV melanoma with thoracic, abdominal and skeletal metastases without the recurrence of the primary process. Transiliac crest core bone biopsy confirmed the diagnosis of metastatic melanoma. It is important to know that in all cases of back or skeletal pain and unexplained weight loss, malignancy must always be considered in the differential diagnosis, especially in the subjects with a positive medical history. Patients who have back, skeletal, or joint pain that is unresponsive to a few weeks of conservative treatment or have known risk factors with or without serious etiology, are candidates for imaging studies. The present case demonstrates that complete surgical resection alone may result in a favourable outcome, but regular medical follow-up for an extended period, with the purpose of an early detection of a metastatic disease, is highly recommended

    Quantitative RT-PCR profiling of the Rabbit Immune Response: Assessment of Acute Shigella flexneri Infection

    Quantitative reverse transcription PCR analysis is an important tool to monitor changes in gene expression in animal models. The rabbit is a widely accepted and commonly used animal model in the study of human diseases and infections by viral, fungal, bacterial and protozoan pathogens. Only a limited number of rabbit genes have, however, been analyzed by this method as the rabbit genome sequence remains unfinished. Recently, increasing coverage of the genome has permitted the prediction of a growing number of genes that are relevant in the context of the immune response. We hereby report the design of twenty-four quantitative PCR primer pairs covering common cytokines, chemoattractants, antimicrobials and enzymes for a rapid, sensitive and quantitative analysis of the rabbit immune response. Importantly, all primer pairs were designed to be used under identical experimental conditions, thereby enabling the simultaneous analysis of all genes in a high-throughput format. This tool was used to analyze the rabbit innate immune response to infection with the human gastrointestinal pathogen Shigella flexneri. Beyond the known inflammatory mediators, we identified IL-22, IL-17A and IL-17F as highly upregulated cytokines and as first responders to infection during the innate phase of the host immune response. This set of qPCR primers also provides a convenient tool for monitoring the rabbit immune response during infection with other pathogens and other inflammatory conditions

    Stay Tuned: What Is Special About Not Shifting Attention?

    Background: When studying attentional orienting processes, brain activity elicited by a symbolic cue is usually compared to a neutral condition in which no information is provided about the upcoming target location. It is generally assumed that when a neutral cue is provided, participants do not shift their attention. The present study sought to validate this assumption. We further investigated whether anticipated task demands had an impact on brain activity related to processing symbolic cues. Methodology/Principal Findings: Two experiments were conducted, during which event-related potentials were elicited by symbolic cues that instructed participants to shift their attention to a particular location on a computer screen. In Experiment 1, attention shift-inducing cues were compared to non-informative cues, while in both conditions participants were required to detect target stimuli that were subsequently presented at peripheral locations. In Experiment 2, a non-ambiguous "stay-central" cue that explicitly required participants not to shift their attention was used instead. In the latter case, target stimuli that followed a stay-central cue were also presented at a central location. Both experiments revealed enlarged early latency contralateral ERP components to shift-inducing cues compared to those elicited by either non-informative (exp. 1) or stay-central cues (exp. 2). In addition, cueing effects were modulated by the anticipated difficulty of the upcoming target, particularly so in Experiment 2. A positive difference, predominantly over the posterior contralateral scalp areas, could be observed for stay-central cues, especially for those predicting that the upcoming target would be easy. This effect was not present for non-informative cues. Conclusions/Significance: We interpret our result in terms of a more rapid engagement of attention occurring in the presence of a more predictive instruction (i.e. stay-central easy target). Our results indicate that the human brain is capable of very rapidly identifying the difference between different types of instructions

    Measures of low food variety and poor dietary quality in a cross-sectional study of London school children.

    BACKGROUND/OBJECTIVES: The use of simple screening tools to measure nutritional adequacy in a public health context in developed countries is currently lacking. We explore the relationship between food variety and nutrient intake of London school children using a simple tool with potential use for screening for inadequate diets. SUBJECTS/METHODS: A cross-sectional survey was carried out in 2010. The survey included 2579 children aged 7-10 years in 52 primary schools in East London in the United Kingdom. The analysis included 2392 children (93% of the original sample). Food variety was assessed as the total number of listed foods recorded over 24 h using the validated Child and Diet Assessment Tool (CADET) comprising 115 listed foods divided into 16 food categories. Dietary quality was determined by the proportion of children meeting recommended intakes of individual micronutrients, namely, calcium, iron, zinc, folate, vitamin A and vitamin C. RESULTS: The mean number of CADET-listed foods consumed daily by children was 17.1 (95% CI: 16.8, 17.5). Children who consumed fewer than 11 foods on the collection day had particularly low nutrient intakes. Children consuming three different vegetables and two different fruits on average consumed 19-20 listed foods. It was estimated between 4 and 20% of children did not meet the recommended levels for individual micronutrients during the period of data collection. CONCLUSIONS: A simple method using food counts to assess daily food variety may help public health nutritionists identify groups of children at risk of inadequate diets