Time Protection: the Missing OS Abstraction

Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors

MicroWalk: A Framework for Finding Side Channels in Binaries

Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by incremental software patches for the RSA algorithm against variants of side-channel attacks within different versions of cryptographic libraries, protecting security-critical algorithms against side channels is an intricate task. Software protections avoid leakages by operating in constant time with a uniform resource usage pattern independent of the processed secret. In this respect, automated testing and verification of software binaries for leakage-free behavior is of importance, particularly when the source code is not available. In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory based and control-flow based microarchitectural leakages. We develop a software framework named \tool~for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing \tool, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: \emph{Intel IPP} and \emph{Microsoft CNG}. We analyze $15$ different cryptographic implementations consisting of $112$ million instructions in about $105$ minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that \tool~can efficiently find microarchitectural leakages in software binaries

Post-quantum cryptography

Cryptography is essential for the security of online communication, cars and implanted medical devices. However, many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems strive to remain secure even in this scenario. This relatively young research area has seen some successes in identifying mathematical operations for which quantum algorithms offer little advantage in speed, and then building cryptographic systems around those. The central challenge in post-quantum cryptography is to meet demands for cryptographic usability and flexibility without sacrificing confidence.</p

Emergence of novel human norovirus GII.17 strains correlates with changes in blockade antibody epitopes

Background Human norovirus is a significant public health burden, with >30 genotypes causing endemic levels of disease and strains from the GII.4 genotype causing serial pandemics as the virus evolves new ligand binding and antigenicity features. During 2014–2015, genotype GII.17 cluster IIIb strains emerged as the leading cause of norovirus infection in select global locations. Comparison of capsid sequences indicates that GII.17 is evolving at previously defined GII.4 antibody epitopes. Methods Antigenicity of virus-like particles (VLPs) representative of clusters I, II, and IIIb GII.17 strains were compared by a surrogate neutralization assay based on antibody blockade of ligand binding. Results Sera from mice immunized with a single GII.17 VLP identified antigenic shifts between each cluster of GII.17 strains. Ligand binding of GII.17 cluster IIIb VLP was blocked only by antisera from mice immunized with cluster IIIb VLPs. Exchange of residues 393–396 from GII.17.2015 into GII.17.1978 ablated ligand binding and altered antigenicity, defining an important varying epitope in GII.17. Conclusions The capsid sequence changes in GII.17 strains result in loss of blockade antibody binding, indicating that viral evolution, specifically at residues 393–396, may have contributed to the emergence of cluster IIIb strains and the persistence of GII.17 in human populations

Healthcare Reform and the Next Generation: United States Medical Student Attitudes toward the Patient Protection and Affordable Care Act

CONTEXT: Over one year after passage of the Patient Protection and Affordable Care Act (PPACA), legislators, healthcare experts, physicians, and the general public continue to debate the implications of the law and its repeal. The PPACA will have a significant impact on future physicians, yet medical student perspectives on the legislation have not been well documented. OBJECTIVE: To evaluate medical students' understanding of and attitudes toward healthcare reform and the PPACA including issues of quality, access and cost. DESIGN, SETTING, AND PARTICIPANTS: An anonymous electronic survey was sent to medical students at 10 medical schools (total of 6982 students) between October-December 2010, with 1232 students responding and a response rate of 18%. MAIN OUTCOME MEASURES: Medical students' views and attitudes regarding the PPACA and related topics, measured with Likert scale and open response items. RESULTS: Of medical students surveyed, 94.8% agreed that the existing United States healthcare system needs to be reformed, 31.4% believed the PPACA will improve healthcare quality, while 20.9% disagreed and almost half (47.7%) were unsure if quality will be improved. Two thirds (67.6%) believed that the PPACA will increase access, 6.5% disagreed and the remaining 25.9% were unsure. With regard to containing healthcare costs, 45.4% of participants indicated that they are unsure if the provisions of the PPACA will do so. Overall, 80.1% of respondents indicated that they support the PPACA, and 78.3% also indicated that they did not feel that reform efforts had gone far enough. A majority of respondents (58.8%) opposed repeal of the PPACA, while 15.0% supported repeal, and 26.1% were undecided. CONCLUSION: The overwhelming majority of medical students recognized healthcare reform is needed and expressed support for the PPACA but echoed concerns about whether it will address issues of quality or cost containment

Multilevel Parallelization of AutoDock 4.2

<p>Abstract</p> <p>Background</p> <p>Virtual (computational) screening is an increasingly important tool for drug discovery. AutoDock is a popular open-source application for performing molecular docking, the prediction of ligand-receptor interactions. AutoDock is a serial application, though several previous efforts have parallelized various aspects of the program. In this paper, we report on a multi-level parallelization of AutoDock 4.2 (mpAD4).</p> <p>Results</p> <p>Using MPI and OpenMP, AutoDock 4.2 was parallelized for use on MPI-enabled systems and to multithread the execution of individual docking jobs. In addition, code was implemented to reduce input/output (I/O) traffic by reusing grid maps at each node from docking to docking. Performance of mpAD4 was examined on two multiprocessor computers.</p> <p>Conclusions</p> <p>Using MPI with OpenMP multithreading, mpAD4 scales with near linearity on the multiprocessor systems tested. In situations where I/O is limiting, reuse of grid maps reduces both system I/O and overall screening time. Multithreading of AutoDock's Lamarkian Genetic Algorithm with OpenMP increases the speed of execution of individual docking jobs, and when combined with MPI parallelization can significantly reduce the execution time of virtual screens. This work is significant in that mpAD4 speeds the execution of certain molecular docking workloads and allows the user to optimize the degree of system-level (MPI) and node-level (OpenMP) parallelization to best fit both workloads and computational resources.</p

Trends in upper gastrointestinal diagnosis over four decades in Lusaka, Zambia: a retrospective analysis of endoscopic findings

BACKGROUND AND AIMS: There a shortage of robust information about profiles of gastrointestinal disease in sub-Saharan Africa. The endoscopy unit of the University Teaching Hospital in Lusaka has been running without interruption since 1977 and this 38-year record is largely intact. We report an analysis of endoscopic findings over this period. METHODS: Written endoscopy records from 29th September 1977 to 16th December 2014 were recovered, computerised, coded by two experienced endoscopists and analysed. Temporal trends were analysed using tables, graphs, and unconditional logistic regression, with age, sex of patient, decade, and endoscopist as independent variables to adjust for inter-observer variation. RESULTS: Sixteen thousand nine hundred fifty-three records were identified and analysed. Diagnosis of gastric ulcer rose by 22 %, and that of duodenal ulcer fell by 14 % per decade. Endoscopically diagnosed oesophageal cancer increased by 32 % per decade, but gastric cancer rose only in patients under 60 years of age (21 % per decade). Oesophageal varices were the commonest finding in patients presenting with haematemesis, increasing by 14 % per decade in that patient group. Two HIV-related diagnoses, oesophageal candidiasis and Kaposi’s sarcoma, rose from almost zero to very high levels in the 1990s but fell substantially after 2005 when anti-retroviral therapy became widely available. CONCLUSIONS: This useful dataset suggests that there are important trends in some endoscopic findings over four decades. These trends are not explained by inter-observer variation. Reasons for the divergent trends in incidence of peptic ulceration and apparent trends in diagnosis of upper gastrointestinal cancers merit further exploration