Proving the Absence of Microarchitectural Timing Channels
Microarchitectural timing channels are a major threat to computer security. A set of OS mechanisms called time protection was recently proposed as a principled way of preventing information leakage through such channels and prototyped in the seL4 microkernel. We formalise time protection and the underlying hardware mechanisms in a way that allows linking them to the information-flow proofs that showed the absence of storage channels in seL4.

Comment: Scott Buckley and Robert Sison were joint lead authors.
Cogent: uniqueness types and certifying compilation
This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations
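The abstract's central idea is that a uniquely-owned value can be given two semantics, a purely functional one (consume the value, return a new one) and an imperative one (update in place), and that the compiler certifies the second refines the first. The following is an added illustration in Rust, not Cogent code and not part of the paper: Rust's move semantics play the role of the uniqueness restriction (a non-`Copy` value cannot be used again after being passed to the pure function), and `refines` is a small translation-validation style check that the in-place update agrees with the pure specification on a given input. The `Inode` type, field names and the 4096-byte block size are hypothetical.

```rust
// Added illustration (not Cogent's own code): one operation on a uniquely-owned
// record given a pure semantics and an in-place semantics, plus a check that the
// in-place version refines the pure one. Names and the block size are hypothetical.

#[derive(Clone, Debug, PartialEq)]
pub struct Inode {
    pub size: u64,
    pub blocks: Vec<u32>,
}

/// Functional semantics: consume the unique value and return a new one.
/// Because `Inode` is not `Copy`, the caller loses access to the old value:
/// `let b = append_block_pure(a, 7); a.size` does not compile, which is the
/// aliasing restriction a uniqueness type system enforces.
pub fn append_block_pure(inode: Inode, block: u32) -> Inode {
    let mut blocks = inode.blocks; // moved out, never copied
    blocks.push(block);
    Inode { size: inode.size + 4096, blocks }
}

/// Imperative semantics: the same operation, updating in place through the
/// single mutable reference, which is what efficient C generation would emit.
pub fn append_block_inplace(inode: &mut Inode, block: u32) {
    inode.blocks.push(block);
    inode.size += 4096;
}

/// Translation-validation style check for one input: run the pure
/// specification and the in-place implementation on identical copies and
/// require the resulting states to be equal.
pub fn refines(input: &Inode, block: u32) -> bool {
    let spec = append_block_pure(input.clone(), block);
    let mut state = input.clone();
    append_block_inplace(&mut state, block);
    spec == state
}

/// Constructed sample input.
pub fn sample_inode() -> Inode {
    Inode { size: 8192, blocks: vec![1, 2] }
}

fn main() {
    let ok = refines(&sample_inode(), 7);
    println!("in-place update refines pure specification: {}", ok);
}
```

The check here is only per-input testing; the paper's contribution is a proof, produced by the compiler, that the relation holds for every input, with the uniqueness type system guaranteeing that in-place mutation is unobservable to the rest of the program.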
Lassie: HOL4 Tactics by Example
Proof engineering efforts using interactive theorem proving have yielded several impressive projects in software systems and mathematics. A key obstacle to such efforts is the requirement that the domain expert is also an expert in the low-level details of constructing the proof in a theorem prover. In particular, the user needs to select a sequence of tactics that lead to a successful proof, a task that in general requires knowledge of the exact names and use of a large set of tactics.

We present Lassie, a tactic framework for the HOL4 theorem prover that allows individual users to define their own tactic language by example and give frequently used tactics or tactic combinations easier-to-remember names. The core of Lassie is an extensible semantic parser, which allows the user to interactively extend the tactic language through a process of definitional generalization. Defining tactics in Lassie thus does not require any knowledge of implementing custom tactics, while proofs written in Lassie retain the correctness guarantees provided by the HOL4 system. We show through case studies how Lassie can be used in small and larger proofs by novice and more experienced interactive theorem prover users, and how we envision it easing the learning curve in a HOL4 tutorial.
Ibrutinib added to 10-day decitabine for older patients with AML and higher risk MDS
The treatment of older, unfit patients with acute myeloid leukemia (AML) is challenging. Based on preclinical data of Bruton tyrosine kinase expression/phosphorylation and ibrutinib cytotoxicity in AML blasts, we conducted a randomized phase 2 multicenter study to assess the tolerability and efficacy of the addition of ibrutinib to 10-day decitabine in unfit (i.e., Hematopoietic Cell Transplantation Comorbidity Index ≥3) AML patients and higher risk myelodysplasia patients (HOVON135/SAKK30/15 trial). In total, 144 eligible patients were randomly (1:1) assigned to either 10-day decitabine combined with ibrutinib (560 mg; sequentially given, starting the day after the last dose of decitabine) (n = 72) or to 10-day decitabine (n = 72). The addition of ibrutinib was well tolerated, and the number of adverse events was comparable for both arms. In the decitabine plus ibrutinib arm, 41% reached complete remission/complete remission with incomplete hematologic recovery (CR/CRi), the median overall survival (OS) was 11 months, and 2-year OS was 27%; these findings compared with 50% CR/CRi, median OS of 11.5 months, and 2-year OS of 21% for the decitabine group (not significant). Extensive molecular profiling at diagnosis revealed that patients with STAG2, IDH2, and ASXL1 mutations had significantly lower CR/CRi rates, whereas patients with mutations in TP53 had significantly higher CR/CRi rates. Furthermore, multicolor flow cytometry revealed that after 3 cycles of treatment, 28 (49%) of 57 patients with available bone marrow samples had no measurable residual disease. In this limited number of cases, measurable residual disease revealed no apparent impact on event-free survival and OS. In conclusion, the addition of ibrutinib does not improve the therapeutic efficacy of decitabine. This trial was registered at the Netherlands Trial Register (NL5751 [NTR6017]) and has EudraCT number 2015-002855-85.
Comparison of Gene Expression Profiles in Chromate Transformed BEAS-2B Cells
Hexavalent chromium [Cr(VI)] is a potent human carcinogen. Occupational exposure has been associated with increased risk of respiratory cancer. Multiple mechanisms have been shown to contribute to Cr(VI) induced carcinogenesis, including DNA damage, genomic instability, and epigenetic modulation; however, the molecular mechanism and downstream genes mediating chromium's carcinogenicity remain to be elucidated.

We established chromate transformed cell lines by chronic exposure of normal human bronchial epithelial BEAS-2B cells to low doses of Cr(VI) followed by anchorage-independent growth. These transformed cell lines not only exhibited consistent morphological changes but also acquired altered and distinct gene expression patterns compared with normal BEAS-2B cells and control cell lines (untreated) that arose spontaneously in soft agar. Interestingly, the gene expression profiles of six Cr(VI) transformed cell lines were remarkably similar to each other yet differed significantly from that of either control cell lines or normal BEAS-2B cells. A total of 409 differentially expressed genes were identified in Cr(VI) transformed cells compared to control cells. Genes related to cell-to-cell junction were upregulated in all Cr(VI) transformed cells, while genes associated with the interaction between cells and their extracellular matrices were down-regulated. Additionally, expression of genes involved in cell proliferation and apoptosis was also changed.

This study is the first to report gene expression profiling of Cr(VI) transformed cells. The gene expression changes across individual chromate exposed clones were remarkably similar to each other but differed significantly from the gene expression found in anchorage-independent clones that arose spontaneously. Our analysis identified many novel gene expression changes that may contribute to chromate induced cell transformation, and collectively this type of information will provide a better understanding of the mechanism underlying chromate carcinogenicity.