26 research outputs found

    Access-rights Analysis in the Presence of Subjects

    Modern software development and run-time environments, such as Java and the Microsoft .NET Common Language Runtime (CLR), have adopted a declarative form of access control. Permissions are granted to code providers, and during execution, the platform verifies compatibility between the permissions required by a security-sensitive operation and those granted to the executing code. While convenient, configuring the access-control policy of a program is not easy. If a code component is not granted sufficient permissions, authorization failures may occur. Thus, security administrators tend to define overly permissive policies, which violate the Principle of Least Privilege (PLP). A considerable body of research has been devoted to building program-analysis tools for computing the optimal policy for a program. However, Java and the CLR also allow executing code under the authority of a subject (user or service), and no program-analysis solution has addressed the challenges of determining the policy of a program in the presence of subjects. This paper introduces Subject Access Rights Analysis (SARA), a novel analysis algorithm for statically computing the permissions required by subjects at run time. We have applied SARA to 348 libraries in IBM WebSphere Application Server - a commercial enterprise application server written in Java that consists of >2 million lines of code and is required to support the Java permission- and subject-based security model. SARA detected 263 PLP violations, 219 cases of policies with missing permissions, and 29 bugs that led code to be unnecessarily executed under the authority of a subject. SARA corrected all these vulnerabilities automatically, and additionally synthesized fresh policies for all the libraries, with a false-positive rate of 5% and an average running time of 103 seconds per library. 
SARA also implements mechanisms for mitigating the risk of false negatives due to reflection and native code; according to a thorough result evaluation based on testing, no false negative was detected. SARA enabled IBM WebSphere Application Server to receive the Common Criteria for Information Technology Security Evaluation Assurance Level 4 certification

    A novel formulation of inhaled sodium cromoglicate (PA101) in idiopathic pulmonary fibrosis and chronic cough: a randomised, double-blind, proof-of-concept, phase 2 trial

    Background Cough can be a debilitating symptom of idiopathic pulmonary fibrosis (IPF) and is difficult to treat. PA101 is a novel formulation of sodium cromoglicate delivered via a high-efficiency eFlow nebuliser that achieves significantly higher drug deposition in the lung compared with the existing formulations. We aimed to test the efficacy and safety of inhaled PA101 in patients with IPF and chronic cough and, to explore the antitussive mechanism of PA101, patients with chronic idiopathic cough (CIC) were also studied. Methods This pilot, proof-of-concept study consisted of a randomised, double-blind, placebo-controlled trial in patients with IPF and chronic cough and a parallel study of similar design in patients with CIC. Participants with IPF and chronic cough recruited from seven centres in the UK and the Netherlands were randomly assigned (1:1, using a computer-generated randomisation schedule) by site staff to receive PA101 (40 mg) or matching placebo three times a day via oral inhalation for 2 weeks, followed by a 2 week washout, and then crossed over to the other arm. Study participants, investigators, study staff, and the sponsor were masked to group assignment until all participants had completed the study. The primary efficacy endpoint was change from baseline in objective daytime cough frequency (from 24 h acoustic recording, Leicester Cough Monitor). The primary efficacy analysis included all participants who received at least one dose of study drug and had at least one post-baseline efficacy measurement. Safety analysis included all those who took at least one dose of study drug. In the second cohort, participants with CIC were randomly assigned in a study across four centres with similar design and endpoints. The study was registered with ClinicalTrials.gov (NCT02412020) and the EU Clinical Trials Register (EudraCT Number 2014-004025-40) and both cohorts are closed to new participants. 
Findings Between Feb 13, 2015, and Feb 2, 2016, 24 participants with IPF were randomly assigned to treatment groups. 28 participants with CIC were enrolled during the same period and 27 received study treatment. In patients with IPF, PA101 reduced daytime cough frequency by 31·1% at day 14 compared with placebo; daytime cough frequency decreased from a mean 55 (SD 55) coughs per h at baseline to 39 (29) coughs per h at day 14 following treatment with PA101, versus 51 (37) coughs per h at baseline to 52 (40) cough per h following placebo treatment (ratio of least-squares [LS] means 0·67, 95% CI 0·48–0·94, p=0·0241). By contrast, no treatment benefit for PA101 was observed in the CIC cohort; mean reduction of daytime cough frequency at day 14 for PA101 adjusted for placebo was 6·2% (ratio of LS means 1·27, 0·78–2·06, p=0·31). PA101 was well tolerated in both cohorts. The incidence of adverse events was similar between PA101 and placebo treatments, most adverse events were mild in severity, and no severe adverse events or serious adverse events were reported. Interpretation This study suggests that the mechanism of cough in IPF might be disease specific. Inhaled PA101 could be a treatment option for chronic cough in patients with IPF and warrants further investigation

    Multiorgan MRI findings after hospitalisation with COVID-19 in the UK (C-MORE): a prospective, multicentre, observational cohort study

    Introduction: The multiorgan impact of moderate to severe coronavirus infections in the post-acute phase is still poorly understood. We aimed to evaluate the excess burden of multiorgan abnormalities after hospitalisation with COVID-19, evaluate their determinants, and explore associations with patient-related outcome measures. Methods: In a prospective, UK-wide, multicentre MRI follow-up study (C-MORE), adults (aged ≥18 years) discharged from hospital following COVID-19 who were included in Tier 2 of the Post-hospitalisation COVID-19 study (PHOSP-COVID) and contemporary controls with no evidence of previous COVID-19 (SARS-CoV-2 nucleocapsid antibody negative) underwent multiorgan MRI (lungs, heart, brain, liver, and kidneys) with quantitative and qualitative assessment of images and clinical adjudication when relevant. Individuals with end-stage renal failure or contraindications to MRI were excluded. Participants also underwent detailed recording of symptoms, and physiological and biochemical tests. The primary outcome was the excess burden of multiorgan abnormalities (two or more organs) relative to controls, with further adjustments for potential confounders. The C-MORE study is ongoing and is registered with ClinicalTrials.gov, NCT04510025. Findings: Of 2710 participants in Tier 2 of PHOSP-COVID, 531 were recruited across 13 UK-wide C-MORE sites. After exclusions, 259 C-MORE patients (mean age 57 years [SD 12]; 158 [61%] male and 101 [39%] female) who were discharged from hospital with PCR-confirmed or clinically diagnosed COVID-19 between March 1, 2020, and Nov 1, 2021, and 52 non-COVID-19 controls from the community (mean age 49 years [SD 14]; 30 [58%] male and 22 [42%] female) were included in the analysis. Patients were assessed at a median of 5·0 months (IQR 4·2–6·3) after hospital discharge. Compared with non-COVID-19 controls, patients were older, living with more obesity, and had more comorbidities. 
Multiorgan abnormalities on MRI were more frequent in patients than in controls (157 [61%] of 259 vs 14 [27%] of 52; p<0·0001) and independently associated with COVID-19 status (odds ratio [OR] 2·9 [95% CI 1·5–5·8]; padjusted=0·0023) after adjusting for relevant confounders. Compared with controls, patients were more likely to have MRI evidence of lung abnormalities (p=0·0001; parenchymal abnormalities), brain abnormalities (p<0·0001; more white matter hyperintensities and regional brain volume reduction), and kidney abnormalities (p=0·014; lower medullary T1 and loss of corticomedullary differentiation), whereas cardiac and liver MRI abnormalities were similar between patients and controls. Patients with multiorgan abnormalities were older (difference in mean age 7 years [95% CI 4–10]; mean age of 59·8 years [SD 11·7] with multiorgan abnormalities vs mean age of 52·8 years [11·9] without multiorgan abnormalities; p<0·0001), more likely to have three or more comorbidities (OR 2·47 [1·32–4·82]; padjusted=0·0059), and more likely to have a more severe acute infection (acute CRP >5mg/L, OR 3·55 [1·23–11·88]; padjusted=0·025) than those without multiorgan abnormalities. Presence of lung MRI abnormalities was associated with a two-fold higher risk of chest tightness, and multiorgan MRI abnormalities were associated with severe and very severe persistent physical and mental health impairment (PHOSP-COVID symptom clusters) after hospitalisation. Interpretation: After hospitalisation for COVID-19, people are at risk of multiorgan abnormalities in the medium term. Our findings emphasise the need for proactive multidisciplinary care pathways, with the potential for imaging to guide surveillance frequency and therapeutic stratification

    Physical, cognitive, and mental health impacts of COVID-19 after hospitalisation (PHOSP-COVID): a UK multicentre, prospective cohort study

    Background The impact of COVID-19 on physical and mental health and employment after hospitalisation with acute disease is not well understood. The aim of this study was to determine the effects of COVID-19-related hospitalisation on health and employment, to identify factors associated with recovery, and to describe recovery phenotypes. Methods The Post-hospitalisation COVID-19 study (PHOSP-COVID) is a multicentre, long-term follow-up study of adults (aged ≥18 years) discharged from hospital in the UK with a clinical diagnosis of COVID-19, involving an assessment between 2 and 7 months after discharge, including detailed recording of symptoms, and physiological and biochemical testing. Multivariable logistic regression was done for the primary outcome of patient-perceived recovery, with age, sex, ethnicity, body-mass index, comorbidities, and severity of acute illness as covariates. A post-hoc cluster analysis of outcomes for breathlessness, fatigue, mental health, cognitive impairment, and physical performance was done using the clustering large applications k-medoids approach. The study is registered on the ISRCTN Registry (ISRCTN10980107). Findings We report findings for 1077 patients discharged from hospital between March 5 and Nov 30, 2020, who underwent assessment at a median of 5·9 months (IQR 4·9–6·5) after discharge. Participants had a mean age of 58 years (SD 13); 384 (36%) were female, 710 (69%) were of white ethnicity, 288 (27%) had received mechanical ventilation, and 540 (50%) had at least two comorbidities. At follow-up, only 239 (29%) of 830 participants felt fully recovered, 158 (20%) of 806 had a new disability (assessed by the Washington Group Short Set on Functioning), and 124 (19%) of 641 experienced a health-related change in occupation. Factors associated with not recovering were female sex, middle age (40–59 years), two or more comorbidities, and more severe acute illness. 
The magnitude of the persistent health burden was substantial but only weakly associated with the severity of acute illness. Four clusters were identified with different severities of mental and physical health impairment (n=767): very severe (131 patients, 17%), severe (159, 21%), moderate along with cognitive impairment (127, 17%), and mild (350, 46%). Of the outcomes used in the cluster analysis, all were closely related except for cognitive impairment. Three (3%) of 113 patients in the very severe cluster, nine (7%) of 129 in the severe cluster, 36 (36%) of 99 in the moderate cluster, and 114 (43%) of 267 in the mild cluster reported feeling fully recovered. Persistently elevated serum C-reactive protein was positively associated with cluster severity. Interpretation We identified factors related to not recovering after hospital admission with COVID-19 at 6 months after discharge (eg, female sex, middle age, two or more comorbidities, and more acute severe illness), and four different recovery phenotypes. The severity of physical and mental health impairments were closely related, whereas cognitive health impairments were independent. In clinical care, a proactive approach is needed across the acute severity spectrum, with interdisciplinary working, wide access to COVID-19 holistic clinical services, and the potential to stratify care. Funding UK Research and Innovation and National Institute for Health Research

    Static Analysis for AWS Best Practices in Python Code


    Synergies among Testing, Verification, and Repair for Concurrent Programs (Dagstuhl Seminar 16201)

    This report documents the program and the outcomes of Dagstuhl Seminar 16201 "Synergies among Testing, Verification, and Repair for Concurrent Programs". This seminar builds upon, and is inspired by, several past seminars on program testing, verification, repair and combinations thereof. These include Dagstuhl Seminar 13021 "Symbolic Methods in Testing"; Dagstuhl Seminar 13061 "Fault Prediction, Localization and Repair"; Dagstuhl Seminar 14171 "Evaluating Software Verification Systems: Benchmarks and Competitions"; Dagstuhl Seminar 14352 "Next Generation Static Software Analysis Tools"; Dagstuhl Seminar 14442 "Symbolic Execution and Constraint Solving"; and Dagstuhl Seminar 15191 "Compositional Verification Methods for Next-Generation Concurrency". These were held in January 2013; February 2013; April 2014; August 2014; October 2014; and May 2015, respectively. Two notable contributions of Dagstuhl Seminar 16201, which distinguish it from these past seminars, are (i) the focus on concurrent programming, which introduces significant challenges to testing, verification and repair tools, as well as (ii) the goal of identifying and exploiting synergies between the testing, verification and repair research communities in light of common needs and goals

    Grail: Context-Aware Fixing of Concurrency Bugs

    Writing efficient synchronization for multithreaded programs is notoriously hard. The resulting code often contains subtle concurrency bugs. Even worse, many bug fixes introduce new bugs. A classic example, seen widely in practice, is deadlocks resulting from fixing of an atomicity violation. These complexities have motivated the development of automated fixing techniques. Current techniques generate fixes that are typically conservative, giving up on available parallelism. Moreover, some of the techniques cannot guarantee the correctness of a fix, and may introduce deadlocks similarly to manual fix, whereas techniques that ensure correctness do so at the expense of even greater performance loss. We present Grail, a novel fixing algorithm that departs from previous techniques by simultaneously providing both correctness and optimality guarantees. Grail synthesizes bug-free yet optimal lock-based synchronization. To achieve this, Grail builds an analysis model of the buggy code that is both contextual, distinguishing different aliasing contexts to ensure efficiency, and global, accounting for the entire synchronization behavior of the involved threads to ensure correctness. Evaluation of Grail on 12 bugs from popular codebases confirms its practical advantages, especially compared with existing techniques: Grail patches are, in general, 40% more efficient than the patches produced by other techniques, and incur only 2% overhead

    JANUS
