
    TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone

    The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make it smarter. A variety of applications now run simultaneously on an ARM-based processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow, that shields legacy applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications. Comment: MobiSys 201

    Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

    Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours. Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

    Identification of an Endogenous Ligand Bound to a Native Orphan Nuclear Receptor

    Orphan nuclear receptors have been instrumental in identifying novel signaling pathways and therapeutic targets. However, identification of ligands for these receptors has often been based on random compound screens or other biased approaches. As a result, it remains unclear in many cases if the reported ligands are the true endogenous ligands, – i.e., the ligand that is bound to the receptor in an unperturbed in vivo setting. Technical limitations have limited our ability to identify ligands based on this rigorous definition. The orphan receptor hepatocyte nuclear factor 4 α (HNF4α) is a key regulator of many metabolic pathways and linked to several diseases including diabetes, atherosclerosis, hemophilia and cancer. Here we utilize an affinity isolation/mass-spectrometry (AIMS) approach to demonstrate that HNF4α is selectively occupied by linoleic acid (LA, C18:2ω6) in mammalian cells and in the liver of fed mice. Receptor occupancy is dramatically reduced in the fasted state and in a receptor carrying a mutation derived from patients with Maturity Onset Diabetes of the Young 1 (MODY1). Interestingly, however, ligand occupancy does not appear to have a significant effect on HNF4α transcriptional activity, as evidenced by genome-wide expression profiling in cells derived from human colon. We also use AIMS to show that LA binding is reversible in intact cells, indicating that HNF4α could be a viable drug target. This study establishes a general method to identify true endogenous ligands for nuclear receptors (and other lipid binding proteins), independent of transcriptional function, and to track in vivo receptor occupancy under physiologically relevant conditions

    The validity of using ICD-9 codes and pharmacy records to identify patients with chronic obstructive pulmonary disease

    Background: Administrative data is often used to identify patients with chronic obstructive pulmonary disease (COPD), yet the validity of this approach is unclear. We sought to develop a predictive model utilizing administrative data to accurately identify patients with COPD. Methods: Sequential logistic regression models were constructed using 9573 patients with postbronchodilator spirometry at two Veterans Affairs medical centers (2003-2007). COPD was defined as: 1) FEV1/FVC <0.70, and 2) FEV1/FVC < lower limits of normal. Model inputs included age, outpatient or inpatient COPD-related ICD-9 codes, and the number of metered dose inhalers (MDI) prescribed over the one year prior to and one year post spirometry. Model performance was assessed using standard criteria. Results: 4564 of 9573 patients (47.7%) had an FEV1/FVC < 0.70. The presence of ≥1 outpatient COPD visit had a sensitivity of 76% and specificity of 67%; the AUC was 0.75 (95% CI 0.74-0.76). Adding the use of albuterol MDI increased the AUC of this model to 0.76 (95% CI 0.75-0.77) while the addition of ipratropium bromide MDI increased the AUC to 0.77 (95% CI 0.76-0.78). The best performing model included: ≥6 albuterol MDI, ≥3 ipratropium MDI, ≥1 outpatient ICD-9 code, ≥1 inpatient ICD-9 code, and age, achieving an AUC of 0.79 (95% CI 0.78-0.80). Conclusion: Commonly used definitions of COPD in observational studies misclassify the majority of patients as having COPD. Using multiple diagnostic codes in combination with pharmacy data improves the ability to accurately identify patients with COPD. Department of Veterans Affairs, Health Services Research and Development (DHA), American Lung Association (CI- 51755-N) awarded to DHA, the American Thoracic Society Fellow Career Development Award. Peer Reviewed. http://deepblue.lib.umich.edu/bitstream/2027.42/84155/1/Cooke - ICD9 validity in COPD.pd

    A transient homotypic interaction model for the influenza A virus NS1 protein effector domain

    Influenza A virus NS1 protein is a multifunctional virulence factor consisting of an RNA binding domain (RBD), a short linker, an effector domain (ED), and a C-terminal 'tail'. Although poorly understood, NS1 multimerization may autoregulate its actions. While RBD dimerization seems functionally conserved, two possible apo ED dimers have been proposed (helix-helix and strand-strand). Here, we analyze all available RBD, ED, and full-length NS1 structures, including four novel crystal structures obtained using EDs from divergent human and avian viruses, as well as two forms of a monomeric ED mutant. The data reveal the helix-helix interface as the only strictly conserved ED homodimeric contact. Furthermore, a mutant NS1 unable to form the helix-helix dimer is compromised in its ability to bind dsRNA efficiently, implying that ED multimerization influences RBD activity. Our bioinformatical work also suggests that the helix-helix interface is variable and transient, thereby allowing two ED monomers to twist relative to one another and possibly separate. In this regard, we found a mAb that recognizes NS1 via a residue completely buried within the ED helix-helix interface, and which may help highlight potential different conformational populations of NS1 (putatively termed 'helix-closed' and 'helix-open') in virus-infected cells. 'Helix-closed' conformations appear to enhance dsRNA binding, and 'helix-open' conformations allow otherwise inaccessible interactions with host factors. Our data support a new model of NS1 regulation in which the RBD remains dimeric throughout infection, while the ED switches between several quaternary states in order to expand its functional space. Such a concept may be applicable to other small multifunctional proteins

    Albumin Adducts of Electrophilic Benzene Metabolites in Benzene-Exposed and Control Workers

    BACKGROUND: Metabolism of benzene produces reactive electrophiles, including benzene oxide (BO), 1,4-benzoquinone (1,4-BQ), and 1,2-benzoquinone (1,2-BQ), that are capable of reacting with blood proteins to produce adducts. OBJECTIVES: The main purpose of this study was to characterize relationships between levels of albumin adducts of these electrophiles in blood and the corresponding benzene exposures in benzene-exposed and control workers, after adjusting for important covariates. Because second blood samples were obtained from a subset of exposed workers, we also desired to estimate within-person and between-person variance components for the three adducts. METHODS: We measured albumin adducts and benzene exposures in 250 benzene-exposed workers (exposure range, 0.26–54.5 ppm) and 140 control workers (exposure range < 0.01–0.53 ppm) from Tianjin, China. Separate multiple linear regression models were fitted to the logged adduct levels for workers exposed to benzene < 1 ppm and ≥ 1 ppm. Mixed-effects models were used to estimate within-person and between-person variance components of adduct levels. RESULTS: We observed nonlinear (hockey-stick shaped) exposure–adduct relationships in log-scale, with inflection points between about 0.5 and 5 ppm. These inflection points represent air concentrations at which benzene contributed marginally to background adducts derived from smoking and from dietary and endogenous sources. Adduct levels were significantly affected by the blood-collection medium (serum or plasma containing either heparin or EDTA), smoking, age, and body mass index. When model predictions of adduct levels were plotted versus benzene exposure ≥ 1 ppm, we observed marked downward concavity, particularly for adducts of the benzoquinones. The between-person variance component of adduct levels increased in the order 1,2-BQ < 1,4-BQ < BO, whereas the within-person variance components of the three adducts followed the reverse order. 
CONCLUSIONS: Although albumin adducts of BO and the benzoquinones reflect exposures to benzene ≥ 1 ppm, they would not be useful biomarkers of exposure at ambient levels of benzene, which tend to be < 0.01 ppm, or in those working populations where exposures are consistently < 1 ppm. The concavity of exposure–adduct relationships is consistent with saturable metabolism of benzene at air concentrations > 1 ppm. The surprisingly large effect of the blood-collection medium on adduct levels, particularly those of the benzoquinones, should be further investigated

    Genome-wide analyses for personality traits identify six genomic loci and show correlations with psychiatric disorders

    Personality is influenced by genetic and environmental factors1 and associated with mental health. However, the underlying genetic determinants are largely unknown. We identified six genetic loci, including five novel loci2,3, significantly associated with personality traits in a meta-analysis of genome-wide association studies (N = 123,132–260,861). Of these genomewide significant loci, extraversion was associated with variants in WSCD2 and near PCDH15, and neuroticism with variants on chromosome 8p23.1 and in L3MBTL2. We performed a principal component analysis to extract major dimensions underlying genetic variations among five personality traits and six psychiatric disorders (N = 5,422–18,759). The first genetic dimension separated personality traits and psychiatric disorders, except that neuroticism and openness to experience were clustered with the disorders. High genetic correlations were found between extraversion and attention-deficit–hyperactivity disorder (ADHD) and between openness and schizophrenia and bipolar disorder. The second genetic dimension was closely aligned with extraversion–introversion and grouped neuroticism with internalizing psychopathology (e.g., depression or anxiety)

    Determining the neurotransmitter concentration profile at active synapses

    Establishing the temporal and concentration profiles of neurotransmitters during synaptic release is an essential step towards understanding the basic properties of inter-neuronal communication in the central nervous system. A variety of ingenious attempts has been made to gain insights into this process, but the general inaccessibility of central synapses, intrinsic limitations of the techniques used, and natural variety of different synaptic environments have hindered a comprehensive description of this fundamental phenomenon. Here, we describe a number of experimental and theoretical findings that have been instrumental for advancing our knowledge of various features of neurotransmitter release, as well as newly developed tools that could overcome some limits of traditional pharmacological approaches and bring new impetus to the description of the complex mechanisms of synaptic transmission

    Positive Feedback Regulation between Phospholipase D and Wnt Signaling Promotes Wnt-Driven Anchorage-Independent Growth of Colorectal Cancer Cells

    Aberrant activation of the canonical Wnt/β-catenin pathway occurs in almost all colorectal cancers and contributes to their growth, invasion and survival. Phospholipase D (PLD) has been implicated in progression of colorectal carcinoma. However, an understanding of the targets and regulation of this important pathway remains incomplete and besides, relationship between Wnt signaling and PLD is not known. Here, we demonstrate that PLD isozymes, PLD1 and PLD2 are direct targets and positive feedback regulators of the Wnt/β-catenin signaling. Wnt3a and Wnt mimetics significantly enhanced the expression of PLDs at a transcriptional level in HCT116 colorectal cancer cells, whereas silencing of β-catenin gene expression or utilization of a dominant negative form of T cell factor-4 (TCF-4) inhibited expression of PLDs. Moreover, both PLD1 and PLD2 were highly induced in colon, liver and stomach tissues of mice after injection of LiCl, a Wnt mimetic. Wnt3a stimulated formation of the β-catenin/TCF complexes to two functional TCF-4-binding elements within the PLD2 promoter as assessed by chromatin immunoprecipitation assay. Suppressing PLD using gene silencing or selective inhibitor blocked the ability of β-catenin to transcriptionally activate PLD and other Wnt target genes by preventing formation of the β-catenin/TCF-4 complex, whereas tactics to elevate intracellular levels of phosphatidic acid, the product of PLD activity, enhanced these effects. Here we show that PLD is necessary for Wnt3a-driven invasion and anchorage-independent growth of colon cancer cells. PLD isozyme acts as a novel transcriptional target and positive feedback regulator of Wnt signaling, and then promotes Wnt-driven anchorage-independent growth of colorectal cancer cells. We propose that therapeutic interventions targeting PLD may confer a clinical benefit in Wnt/β-catenin-driven malignancies