InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion

With the increasing popularity of AArch64 processors in general-purpose computing, securing software running on AArch64 systems against control-flow hijacking attacks has become a critical part toward secure computation. Shadow stacks keep shadow copies of function return addresses and, when protected from illegal modifications and coupled with forward-edge control-flow integrity, form an effective and proven defense against such attacks. However, AArch64 lacks native support for write-protected shadow stacks, while software alternatives either incur prohibitive performance overhead or provide weak security guarantees. We present InversOS, the first hardware-assisted write-protected shadow stacks for AArch64 user-space applications, utilizing commonly available features of AArch64 to achieve efficient intra-address space isolation (called Privilege Inversion) required to protect shadow stacks. Privilege Inversion adopts unconventional design choices that run protected applications in the kernel mode and mark operating system (OS) kernel memory as user-accessible; InversOS therefore uses a novel combination of OS kernel modifications, compiler transformations, and another AArch64 feature to ensure the safety of doing so and to support legacy applications. We show that InversOS is secure by design, effective against various control-flow hijacking attacks, and performant on selected benchmarks and applications (incurring overhead of 7.0% on LMBench, 7.1% on SPEC CPU 2017, and 3.0% on Nginx web server).Comment: 18 pages, 9 figures, 4 table

Faculty internationalization perceptions survey : development and validation

"May 2014."Advisor: Dr. Peggy Placier.Includes vita.The purpose of this study was to develop an assessment instrument for measuring faculty member perceptions of support for internationalization. The instrument was developed through a literature review, examined for content validity by members of Association of International Education Administrators, and analyzed for construct validity through confirmatory factor analysis. The process and procedures used to develop and validate the Faculty International Perceptions Survey (FIPS) involved a pilot study, the use of a web based application known as Question Understanding AID (QUAID), and an expert review. As a result an initial survey was developed and sent via electronic mail to faculty members in three institutions of higher education, the University of Missouri, (MU), the University of Saskatchewan (USask) and Westminster College (WC). The resulting dataset included n=512 usable responses with n=325 from MU, n=30 from WC, and n=158 from USask. A confirmatory factor analysis was then conducted to verify that the data fit the hypothesized factors (institutional support, faculty expectations, faculty rewards, and international experience). The statistical analysis of the data resulted in the removal of 13 psychometric variables and the exclusion of international experience as a factor. However variables associated with factors institutional support, faculty expectations, and faculty rewards, fit very well and resulted in a very strong model with which to measure various aspects of internationalization. Further analysis indicate d that these factors when defined as first order factors, loaded very well on a single second order factor which provides a measure of internationalization as a whole. These results are encouraging as they provide institutional leaders and researchers with a tool for understanding how faculty members perceive support for internationalization.Includes bibliographical references (pages 120-134)

Fast Summary-based Whole-program Analysis to Identify Unsafe Memory Accesses in Rust

Rust is one of the most promising systems programming languages to fundamentally solve the memory safety issues that have plagued low-level software for over forty years. However, to accommodate the scenarios where Rust's type rules might be too restrictive for certain systems programming and where programmers opt for performance over security checks, Rust opens security escape hatches allowing writing unsafe source code or calling unsafe libraries. Consequently, unsafe Rust code and directly-linked unsafe foreign libraries may not only introduce memory safety violations themselves but also compromise the entire program as they run in the same monolithic address space as the safe Rust. This problem can be mitigated by isolating unsafe memory objects (those accessed by unsafe code) and sandboxing memory accesses to the unsafe memory. One category of prior work utilizes existing program analysis frameworks on LLVM IR to identify unsafe memory objects and accesses. However, they suffer the limitations of prolonged analysis time and low precision. In this paper, we tackled these two challenges using summary-based whole-program analysis on Rust's MIR. The summary-based analysis computes information on demand so as to save analysis time. Performing analysis on Rust's MIR exploits the rich high-level type information inherent to Rust, which is unavailable in LLVM IR. This manuscript is a preliminary study of ongoing research. We have prototyped a whole-program analysis for identifying both unsafe heap allocations and memory accesses to those unsafe heap objects. We reported the overhead and the efficacy of the analysis in this paper

The Eve Mitochondrial Consensus Sequence

We have calculated the consensus sequence for human mitochondrial DNA using over 800 available sequences. Analysis of this consensus reveals an unexpected lack of diversity within human mtDNA worldwide. Not only is more than 83% of the mitochondrial genome invariant, but in over 99% of the variable positions, the majority allele was found in at least 90% of the individuals. In the remaining 0.22% of the 16,569 positions, which we conservatively refer to as “ambiguous,” everyone could be reliably assigned to either a purine or pyrimidine ancestral state. There was only one position where the most common allele had an allele frequency of less than 50%, but this has been shown to be a mutational hot spot. On average, the individuals in our dataset differed from the Eve consensus by 21.6 nucleotides. Sequences derived from sub-Saharan Africa were considerably moredivergent than average. Given the high mutation rate within mitochondria and the large geographic separation among the individuals within our dataset, we did not expect to find the original human mitochondrial sequence to be so well preserved within modern populations. With the exception of a very few ambiguous nucleotides, the consensus sequence clearly represents Eves mitochondrial DNAsequence

Faculty Internationalization Priorities

The internationalization of higher education has been the subject of a substantial body of research. However, few studies have examined how faculty members, significant implementers of internationalization, think about internationalization priorities. This article presents the results of a questionnaire which was sent to faculty members at three institutions of higher education, two in the United States and one in Canada. Three-hundred and seventy-five faculty members responded to an open ended question asking how they would prioritize international initiatives at their institution. These comments were coded and categorized based on patterns that emerged from the data. Additionally, the top five topics were examined more in depth to reveal faculty rationale for each. Two findings emerged from this study. First, respondents overwhelmingly support internationalization. Second, they expect the institution to shoulder the burden for the implementation of institutional directives. These findings inform institutional internationalization administrators

Health-related quality of life and depression among participants in the Sjögren's International Collaborative Clinical Alliance registry.

ObjectiveTo examine health-related quality of life (HRQoL) and depression among participants in an international Sjögren's syndrome (SS) registry, comparing those with and without SS.MethodsCross-sectional study of participants in the Sjögren's International Collaborative Clinical Alliance (SICCA) registry. The 2016 American College of Rheumatology/European League Against Rheumatism SS classification criteria were used to determine disease status. HRQoL was assessed using the Short Form 12, version 2 Health Survey to derive scores for physical component summary (PCS) and mental component summary (MCS). Depression was assessed using the 9-Item Patient Health Questionnaire. Multivariate linear and logistic regression analyses were performed to identify predictors of HRQoL and depression while controlling for potential confounders.ResultsAmong 2401 SICCA participants who had symptoms of dry eyes and dry mouth, 1051 had SS (44%) and 1350 did not (56%). After controlling for confounders, when compared with non-SS participants, those with SS had better PCS (p<0.001, β=2.43, 95% CI 1.57 to 3.29), MCS (p=0.002, β=1.37, 95% CI 0.50 to 2.23) and lower adjusted odds of depression (p<0.001, OR 0.67, 95% CI 0.55 to 0.81). Other significant predictors of HRQoL and depression included employment, country of residence and use of medication with anticholinergic effect or for management of SS-related signs and symptoms.ConclusionOur results suggest that among symptomatic patients, having a diagnosis of SS may be associated with better emotional and psychological well-being compared with patients without a diagnosis. Having a definitive diagnosis of SS may encourage patients to obtain a better understanding of their disease and have coping mechanisms in place to better manage their symptoms