13 research outputs found

    Diagnose network failures via data-plane analysis

    Diagnosing problems in networks is a time-consuming and error-prone process. Previous tools to assist operators primarily focus on analyzing control plane configuration. Configuration analysis is limited in that it cannot find bugs in router software, and is harder to generalize across protocols since it must model complex configuration languages and dynamic protocol behavior. This paper studies an alternate approach: diagnosing problems through static analysis of the data plane. This approach can catch bugs that are invisible at the level of configuration files, and simplifies unified analysis of a network across many protocols and implementations. We present Anteater, a tool for checking invariants in the data plane. Anteater translates high-level network invariants into boolean satisfiability problems, checks them against network state using a SAT solver, and reports counterexamples if violations have been found. Applied to a large campus network, Anteater revealed 23 bugs, including forwarding loops and stale ACL rules, with only five false positives. Nine of these faults are being fixed by campus network operators

    Invariant Synthesis for Incomplete Verification Engines

    We propose a framework for synthesizing inductive invariants for incomplete verification engines, which soundly reduce logical problems in undecidable theories to decidable theories. Our framework is based on the counter-example guided inductive synthesis principle (CEGIS) and allows verification engines to communicate non-provability information to guide invariant synthesis. We show precisely how the verification engine can compute such non-provability information and how to build effective learning algorithms when invariants are expressed as Boolean combinations of a fixed set of predicates. Moreover, we evaluate our framework in two verification settings, one in which verification engines need to handle quantified formulas and one in which verification engines have to reason about heap properties expressed in an expressive but undecidable separation logic. Our experiments show that our invariant synthesis framework based on non-provability information can both effectively synthesize inductive invariants and adequately strengthen contracts across a large suite of programs

    Building abstractions for fast, secure, reliable computer systems

    Modern computer systems play important roles in our society and everyday lives. Their performance, security and reliability are of critical importance. Real-world computer systems, however, occasionally suffer from performance degradation, security exploits, and poor reliability, because of the lack of efficient automatic analyses. This dissertation introduces a new methodology for building efficient automatic analyses for real-world computer systems through identifying and designing proper abstractions. It demonstrates the methodology within the context of three real-world computer systems: detecting network defects at the data plane level, exploiting data parallelism in web pages, and formally verifying security invariants in operating system kernels. This dissertation presents the design, implementation, and evaluation of the above systems, and shows that choosing the proper set of abstractions is an essential step to constructing efficient automatic analyses for real-world computer systems. Moreover, these analyses can become valuable tools to improve the performance, security and reliability of computer systems

    Clinical characteristics of liver injury in SARS-CoV-2 Omicron variant- and Omicron subvariant-infected patients

    Introduction and Objectives: Liver injury in severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) Omicron variant- and Omicron subvariant-infected patients is unknown at present, and the aim of this study is to summarize liver injury in these patients. Patients and Methods: In this study, 460 SARS-CoV-2-infected patients were enrolled. Five severe or critical patients were excluded, and 34 patients were also excluded because liver injury was not considered to be related to SARS-CoV-2 infection. Liver injury was compared between Omicron and non-Omicron variants- and between Omicron subvariant-infected patients; additionally, the clinical data related to liver injury were also analyzed. Results: Among the 421 patients enrolled for analysis, liver injury was detected in 76 (18.1%) patients, including 46 Omicron and 30 non-Omicron variant-infected patients. The ratios did not differ between Omicron and non-Omicron variant-, Omicron BA.1, BA.2 and BA.5 subvariant-infected patients (P>0.05). The majority of abnormal parameters of liver function tests were mildly elevated (1-3 × ULN), the most frequently elevated parameter of liver function test was γ-glutamyl transpeptidase (GGT, 9.5%, 40/421), and patients with cholangiocyte or biliary duct injury markers were higher than with hepatocellular injury markers. Multivariate analysis showed that age (>40 years old, OR=1.898, 95% CI=1.058–3.402, P=0.032), sex (male gender, OR=2.031, 95% CI=1.211–3.408, P=0.007), serum amyloid A (SAA) level (>10 mg/ml, OR=3.595, 95% CI=1.840–7.026, P<0.001) and vaccination status (No, OR=2.131, 95% CI=1.089–4.173, P=0.027) were independent factors related to liver injury. Conclusions: Liver injury does not differ between Omicron and non-Omicron variants or between Omicron subvariant-infected patients. The elevations of cholangiocyte or biliary duct injury biomarkers are dominant in SARS-CoV-2-infected patients

    Verifying security invariants in ExpressOS

    Security for applications running on mobile devices is important. In this paper we present ExpressOS, a new OS for enabling high-assurance applications to run on commodity mobile devices securely. Our main contributions are a new OS architecture and our use of formal methods for proving key security invariants about our implementation. In our use of formal methods, we focus solely on proving that our OS implements our security invariants correctly, rather than striving for full functional correctness, requiring significantly less verification effort while still proving the security relevant aspects of our system. We built ExpressOS, analyzed its security, and tested its performance. Our evaluation shows that the performance of ExpressOS is comparable to an Android-based system. In one test, we ran the same web browser on ExpressOS and on an Android-based system, and found that ExpressOS adds 16% overhead on average to the page load latency time for nine popular web sites