56 research outputs found

    Serberus: Protecting Cryptographic Code from Spectres at Compile-Time

    We present Serberus, the first comprehensive mitigation for hardening constant-time (CT) code against Spectre attacks (involving the PHT, BTB, RSB, STL and/or PSF speculation primitives) on existing hardware. Serberus is based on three insights. First, some hardware control-flow integrity (CFI) protections restrict transient control-flow to the extent that it may be comprehensively considered by software analyses. Second, conformance to the accepted CT code discipline permits two code patterns that are unsafe in the post-Spectre era. Third, once these code patterns are addressed, all Spectre leakage of secrets in CT programs can be attributed to one of four classes of taint primitives--instructions that can transiently assign a secret value to a publicly-typed register. We evaluate Serberus on cryptographic primitives in the OpenSSL, Libsodium, and HACL* libraries. Serberus introduces 21.3% runtime overhead on average, compared to 24.9% for the next closest state-of-the-art software mitigation, which is less secure. Comment: Authors' version; to appear in the Proceedings of the IEEE Symposium on Security and Privacy (S&P) 202

    Squamous Cell Carcinoma: PET/CT and PET/MRI of the Pretreatment and Post-Treatment Neck

    The incidence of head and neck cancer continues to rise annually, most commonly squamous cell carcinoma (SCCa). Advances in imaging techniques have improved diagnostic accuracy with important ramifications for initial staging and post-treatment surveillance. FDG-PET/CT and, more recently, FDG-PET/MRI have revolutionized the staging and surveillance of head and neck SCCa. We detail the diagnostic role of FDG-PET/CT and FDG-PET/MRI of SCCa at the different head and neck subsites, highlighting their role in identifying the primary tumor extent, regional nodal metastases, and distant metastatic disease in the pretreatment and post-treatment setting, as well as implications for staging, treatment, and prognosis

    Axiomatic hardware-software contracts for security

    We propose leakage containment models (LCMs)—novel axiomatic security contracts which support formally reasoning about the security guarantees of programs when they run on particular microarchitectures. Our core contribution is an axiomatic vocabulary for formalizing LCMs, derived from the established axiomatic vocabulary for formalizing processor memory consistency models. Using this vocabulary, we formalize microarchitectural leakage—focusing on leakage through hardware memory systems—so that it can be automatically detected in programs and provide a taxonomy for classifying said leakage by severity. To illustrate the efficacy of LCMs, we first demonstrate that our leakage definition faithfully captures a sampling of (transient and non-transient) microarchitectural attacks from the literature. Second, we develop a static analysis tool based on LCMs which automatically identifies Spectre vulnerabilities in programs and scales to analyze real-world crypto-libraries

    Hardware-Software Codesign for Mitigating Spectre

    Spectre attacks exploit control- and data-flow (mis)prediction on modern processors to transiently leak program secrets. Comprehensively mitigating Spectre leakage is hard, and doing so while preserving the program’s performance is even harder: no existing Spectre mitigations are widely deployed due to their high overhead or high complexity. We claim that a comprehensive, efficient, and low-complexity mitigation for Spectre attacks requires engaging in software-compiler-hardware co-design. In our talk, we will pitch such a co-designed Spectre mitigation that will be widely deployable at a low cost in security-critical applications. As a first step towards this goal, we have developed Serberus, a comprehensive and proven-correct Spectre mitigation for constant-time code that targets existing hardware. We are currently exploring lightweight hardware support to improve Serberus’ performance in other application domains

    Transcend Onsen - Hakone, Japan


    Transcend: A Thin-Shell Japanese Onsen Experience

    This project is an interdisciplinary architectural design of a funicular Japanese onsen utilizing the compressive strength of thin-shell concrete. A section of this project was also built to scale on the Cal Poly campus in the Architectural Engineering department's High Bay facility. This project was designed utilizing Rhinoceros and analyzed using SAP 2000 19

    The Science Performance of JWST as Characterized in Commissioning

    This paper characterizes the actual science performance of the James Webb Space Telescope (JWST), as determined from the six month commissioning period. We summarize the performance of the spacecraft, telescope, science instruments, and ground system, with an emphasis on differences from pre-launch expectations. Commissioning has made clear that JWST is fully capable of achieving the discoveries for which it was built. Moreover, almost across the board, the science performance of JWST is better than expected; in most cases, JWST will go deeper faster than expected. The telescope and instrument suite have demonstrated the sensitivity, stability, image quality, and spectral range that are necessary to transform our understanding of the cosmos through observations spanning from near-earth asteroids to the most distant galaxies. Comment: 5th version as accepted to PASP; 31 pages, 18 figures; https://iopscience.iop.org/article/10.1088/1538-3873/acb29

    The James Webb Space Telescope Mission

    Twenty-six years ago a small committee report, building on earlier studies, expounded a compelling and poetic vision for the future of astronomy, calling for an infrared-optimized space telescope with an aperture of at least 4m. With the support of their governments in the US, Europe, and Canada, 20,000 people realized that vision as the 6.5m James Webb Space Telescope. A generation of astronomers will celebrate their accomplishments for the life of the mission, potentially as long as 20 years, and beyond. This report and the scientific discoveries that follow are extended thank-you notes to the 20,000 team members. The telescope is working perfectly, with much better image quality than expected. In this and accompanying papers, we give a brief history, describe the observatory, outline its objectives and current observing program, and discuss the inventions and people who made it possible. We cite detailed reports on the design and the measured performance on orbit. Comment: Accepted by PASP for the special issue on The James Webb Space Telescope Overview, 29 pages, 4 figure