An Interesting Correspondence: A Discussion Between C. E. W. Dorris and Miss Nora Yount (Christians) and A. E. Clement, W. H. Lovell, Chas. B. Galloway, and Geo W. Nackles (Methodists).

https://digitalcommons.acu.edu/crs_books/1092/thumbnail.jp

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

Correlation of PROMIS scales and clinical measures among chronic obstructive pulmonary disease patients with and without exacerbations

The Patient-Reported Outcomes Measurement Information System (PROMIS®) initiative was developed to advance the methodology of PROs applicable to chronic diseases. Chronic obstructive pulmonary disease (COPD) is a progressive chronic disease associated with poor health. This study was designed to examine the correlation of PROMIS health-related quality of life (HRQOL) scales and clinical measures among COPD patients

Overview of Heatshield for Extreme Entry Environment Technology (HEEET) Engineering Test Unit (ETU) Manufacturing and Integration

The Heatshield for Extreme Entry Environment Technology (HEEET) projects objective is to mature a 3-D Woven Thermal Protection System (TPS) to Technical Readiness Level (TRL) 6 to support future NASA missions to destinations such as Venus and Saturn. A key aspect of the project has been the development of the manufacturing and integration processes/procedures necessary to build a heat shield utilizing the HEEET 3D-woven material. This has culminated in the building of a 1meter diameter Engineering Test Unit (ETU) representative of what would be used for a Saturn probe. This presentation will provide an overview of the manufacturing and integration processes utilized to build the ETU, with a focus on the seam design. The seam design represented the most challenging aspect of the HEEET development, given the aerothermal and structural requirements it needs to meet

Determinants and Effects on Property Values of Participation in Voluntary Cleanup Programs: The Case of Colorado

State Voluntary Cleanup Programs (VCPs) were established starting in the 1990s to encourage the environmental remediation and redevelopment of contaminated properties. These programs typically offer liability relief, subsidies and other regulatory incentives in exchange for site cleanup. This paper asks three questions: First, what type of properties are attracted to voluntary cleanup programs? Second, what is the interaction between these state programs and other incentives for remediation and economic development, such as Enterprise Zone and Brownfield Zone designations? Third, what is the effect of participation in the VCP on property values? We use data from Colorado’s VCP to answer these questions. We find that most of the properties enrolled in this program were not previously listed on EPA’s contaminated site registries, and that most applicants seek to obtain directly a “no further action” determination without undergoing remediation. The main determinants of participation are the size of the parcel and whether the surrounding land use is primarily residential, while other incentives have little effect. Properties with confirmed contamination sell at a 47% discount relative to comparable uncontaminated parcels, and participation tends to raise the property price, but this latter effect is not statistically significant. Taken together, these findings suggest that the participating properties are those with high development potential, and hint at the possibility that owners or developers may be seeking to obtain a clean bill of health from the State with only minimal or no cleanup efforts. Were these findings confirmed with data from other states, they would raise doubts about the effectiveness of voluntary programs in encouraging remediation and their usefulness in reversing some of the undesired effects of the Superfund legislation