Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

Emerged HA and NA Mutants of the Pandemic Influenza H1N1 Viruses with Increasing Epidemiological Significance in Taipei and Kaohsiung, Taiwan, 2009–10

The 2009 influenza pandemic provided an opportunity to observe dynamic changes of the hemagglutinin (HA) and neuraminidase (NA) of pH1N1 strains that spread in two metropolitan areas -Taipei and Kaohsiung. We observed cumulative increases of amino acid substitutions of both HA and NA that were higher in the post–peak than in the pre-peak period of the epidemic. About 14.94% and 3.44% of 174 isolates had one and two amino acids changes, respective, in the four antigenic sites. One unique adaptive mutation of HA2 (E374K) was first detected three weeks before the epidemic peak. This mutation evolved through the epidemic, and finally emerged as the major circulated strain, with significantly higher frequency in the post-peak period than in the pre-peak (64.65% vs 9.28%, p<0.0001). E374K persisted until ten months post-nationwide vaccination without further antigenic changes (e.g. prior to the highest selective pressure). In public health measures, the epidemic peaked at seven weeks after oseltamivir treatment was initiated. The emerging E374K mutants spread before the first peak of school class suspension, extended their survival in high-density population areas before vaccination, dominated in the second wave of class suspension, and were fixed as herd immunity developed. The tempo-spatial spreading of E374K mutants was more concentrated during the post–peak (p = 0.000004) in seven districts with higher spatial clusters (p<0.001). This is the first study examining viral changes during the naïve phase of a pandemic of influenza through integrated virological/serological/clinical surveillance, tempo-spatial analysis, and intervention policies. The vaccination increased the percentage of E374K mutants (22.86% vs 72.34%, p<0.001) and significantly elevated the frequency of mutations in Sa antigenic site (2.36% vs 23.40%, p<0.001). Future pre-vaccination public health efforts should monitor amino acids of HA and NA of pandemic influenza viruses isolated at exponential and peak phases in areas with high cluster cases

A transient homotypic interaction model for the influenza A virus NS1 protein effector domain

Influenza A virus NS1 protein is a multifunctional virulence factor consisting of an RNA binding domain (RBD), a short linker, an effector domain (ED), and a C-terminal 'tail'. Although poorly understood, NS1 multimerization may autoregulate its actions. While RBD dimerization seems functionally conserved, two possible apo ED dimers have been proposed (helix-helix and strand-strand). Here, we analyze all available RBD, ED, and full-length NS1 structures, including four novel crystal structures obtained using EDs from divergent human and avian viruses, as well as two forms of a monomeric ED mutant. The data reveal the helix-helix interface as the only strictly conserved ED homodimeric contact. Furthermore, a mutant NS1 unable to form the helix-helix dimer is compromised in its ability to bind dsRNA efficiently, implying that ED multimerization influences RBD activity. Our bioinformatical work also suggests that the helix-helix interface is variable and transient, thereby allowing two ED monomers to twist relative to one another and possibly separate. In this regard, we found a mAb that recognizes NS1 via a residue completely buried within the ED helix-helix interface, and which may help highlight potential different conformational populations of NS1 (putatively termed 'helix-closed' and 'helix-open') in virus-infected cells. 'Helix-closed' conformations appear to enhance dsRNA binding, and 'helix-open' conformations allow otherwise inaccessible interactions with host factors. Our data support a new model of NS1 regulation in which the RBD remains dimeric throughout infection, while the ED switches between several quaternary states in order to expand its functional space. Such a concept may be applicable to other small multifunctional proteins

Protective Effect of Ginseng Polysaccharides on Influenza Viral Infection

Ginseng polysaccharide has been known to have multiple immunomodulatory effects. In this study, we investigated whether Panax ginseng polysaccharide (GP) would have a preventive effect on influenza infection. Administration of mice with GP prior to infection was found to confer a survival benefit against infection with H1N1 (A/PR/8/34) and H3N2 (A/Philippines/82) influenza viruses. Mice infected with the 2009 H1N1 virus suspended in GP solution showed moderately enhanced survival rates and lower levels of lung viral titers and the inflammatory cytokine (IL-6). Daily treatment of vaccinated mice with GP improved their survival against heterosubtypic lethal challenge. This study demonstrates the first evidence that GP can be used as a remedy against influenza viral infection

Impact of caloric and dietary restriction regimens on markers of health and longevity in humans and animals: a summary of available findings

Considerable interest has been shown in the ability of caloric restriction (CR) to improve multiple parameters of health and to extend lifespan. CR is the reduction of caloric intake - typically by 20 - 40% of ad libitum consumption - while maintaining adequate nutrient intake. Several alternatives to CR exist. CR combined with exercise (CE) consists of both decreased caloric intake and increased caloric expenditure. Alternate-day fasting (ADF) consists of two interchanging days; one day, subjects may consume food ad libitum (sometimes equaling twice the normal intake); on the other day, food is reduced or withheld altogether. Dietary restriction (DR) - restriction of one or more components of intake (typically macronutrients) with minimal to no reduction in total caloric intake - is another alternative to CR. Many religions incorporate one or more forms of food restriction. The following religious fasting periods are featured in this review: 1) Islamic Ramadan; 2) the three principal fasting periods of Greek Orthodox Christianity (Nativity, Lent, and the Assumption); and 3) the Biblical-based Daniel Fast. This review provides a summary of the current state of knowledge related to CR and DR. A specific section is provided that illustrates related work pertaining to religious forms of food restriction. Where available, studies involving both humans and animals are presented. The review includes suggestions for future research pertaining to the topics of discussion

May Measurement Month 2018: a pragmatic global screening campaign to raise awareness of blood pressure by the International Society of Hypertension

Aims Raised blood pressure (BP) is the biggest contributor to mortality and disease burden worldwide and fewer than half of those with hypertension are aware of it. May Measurement Month (MMM) is a global campaign set up in 2017, to raise awareness of high BP and as a pragmatic solution to a lack of formal screening worldwide. The 2018 campaign was expanded, aiming to include more participants and countries. Methods and results Eighty-nine countries participated in MMM 2018. Volunteers (≥18 years) were recruited through opportunistic sampling at a variety of screening sites. Each participant had three BP measurements and completed a questionnaire on demographic, lifestyle, and environmental factors. Hypertension was defined as a systolic BP ≥140 mmHg or diastolic BP ≥90 mmHg, or taking antihypertensive medication. In total, 74.9% of screenees provided three BP readings. Multiple imputation using chained equations was used to impute missing readings. 1 504 963 individuals (mean age 45.3 years; 52.4% female) were screened. After multiple imputation, 502 079 (33.4%) individuals had hypertension, of whom 59.5% were aware of their diagnosis and 55.3% were taking antihypertensive medication. Of those on medication, 60.0% were controlled and of all hypertensives, 33.2% were controlled. We detected 224 285 individuals with untreated hypertension and 111 214 individuals with inadequately treated (systolic BP ≥ 140 mmHg or diastolic BP ≥ 90 mmHg) hypertension. Conclusion May Measurement Month expanded significantly compared with 2017, including more participants in more countries. The campaign identified over 335 000 adults with untreated or inadequately treated hypertension. In the absence of systematic screening programmes, MMM was effective at raising awareness at least among these individuals at risk

Differential cross section measurements for the production of a W boson in association with jets in proton–proton collisions at √s = 7 TeV

Measurements are reported of differential cross sections for the production of a W boson, which decays into a muon and a neutrino, in association with jets, as a function of several variables, including the transverse momenta (pT) and pseudorapidities of the four leading jets, the scalar sum of jet transverse momenta (HT), and the difference in azimuthal angle between the directions of each jet and the muon. The data sample of pp collisions at a centre-of-mass energy of 7 TeV was collected with the CMS detector at the LHC and corresponds to an integrated luminosity of 5.0 fb[superscript −1]. The measured cross sections are compared to predictions from Monte Carlo generators, MadGraph + pythia and sherpa, and to next-to-leading-order calculations from BlackHat + sherpa. The differential cross sections are found to be in agreement with the predictions, apart from the pT distributions of the leading jets at high pT values, the distributions of the HT at high-HT and low jet multiplicity, and the distribution of the difference in azimuthal angle between the leading jet and the muon at low values.United States. Dept. of EnergyNational Science Foundation (U.S.)Alfred P. Sloan Foundatio

Impacts of the Tropical Pacific/Indian Oceans on the Seasonal Cycle of the West African Monsoon

The current consensus is that drought has developed in the Sahel during the second half of the twentieth century as a result of remote effects of oceanic anomalies amplified by local land–atmosphere interactions. This paper focuses on the impacts of oceanic anomalies upon West African climate and specifically aims to identify those from SST anomalies in the Pacific/Indian Oceans during spring and summer seasons, when they were significant. Idealized sensitivity experiments are performed with four atmospheric general circulation models (AGCMs). The prescribed SST patterns used in the AGCMs are based on the leading mode of covariability between SST anomalies over the Pacific/Indian Oceans and summer rainfall over West Africa. The results show that such oceanic anomalies in the Pacific/Indian Ocean lead to a northward shift of an anomalous dry belt from the Gulf of Guinea to the Sahel as the season advances. In the Sahel, the magnitude of rainfall anomalies is comparable to that obtained by other authors using SST anomalies confined to the proximity of the Atlantic Ocean. The mechanism connecting the Pacific/Indian SST anomalies with West African rainfall has a strong seasonal cycle. In spring (May and June), anomalous subsidence develops over both the Maritime Continent and the equatorial Atlantic in response to the enhanced equatorial heating. Precipitation increases over continental West Africa in association with stronger zonal convergence of moisture. In addition, precipitation decreases over the Gulf of Guinea. During the monsoon peak (July and August), the SST anomalies move westward over the equatorial Pacific and the two regions where subsidence occurred earlier in the seasons merge over West Africa. The monsoon weakens and rainfall decreases over the Sahel, especially in August.Peer reviewe