CHERI: a research platform deconflating hardware virtualisation and protection

Contemporary CPU architectures conflate virtualization and protection, imposing virtualization-related performance, programmability, and debuggability penalties on software requiring finegrained protection. First observed in micro-kernel research, these problems are increasingly apparent in recent attempts to mitigate software vulnerabilities through application compartmentalisation. Capability Hardware Enhanced RISC Instructions (CHERI) extend RISC ISAs to support greater software compartmentalisation. CHERI’s hybrid capability model provides fine-grained compartmentalisation within address spaces while maintaining software backward compatibility, which will allow the incremental deployment of fine-grained compartmentalisation in both our most trusted and least trustworthy C-language software stacks. We have implemented a 64-bit MIPS research soft core, BERI, as well as a capability coprocessor, and begun adapting commodity software packages (FreeBSD and Chromium) to execute on the platform

Cultivation of a novel cold-adapted nitrite oxidizing betaproteobacterium from the Siberian Arctic

Permafrost-affected soils of the Siberian Arctic were investigated with regard to identification of nitrite oxidizing bacteria active at low temperature. Analysis of the fatty acid profiles of enrichment cultures grown at 4°C, 10°C and 17°C revealed a pattern that was different from that of known nitrite oxidizers but was similar to fatty acid profiles of Betaproteobacteria. Electron microscopy of two enrichment cultures grown at 10°C showed prevalent cells with a conspicuous ultrastructure. Sequence analysis of the 16S rRNA genes allocated the organisms to a so far uncultivated cluster of the Betaproteobacteria, with Gallionella ferruginea as next related taxonomically described organism. The results demonstrate that a novel genus of chemolithoautotrophic nitrite oxidizing bacteria is present in polygonal tundra soils and can be enriched at low temperatures up to 17°C. Cloned sequences with high sequence similarities were previously reported from mesophilic habitats like activated sludge and therefore an involvement of this taxon in nitrite oxidation in nonarctic habitats is suggested. The presented culture will provide an opportunity to correlate nitrification with nonidentified environmental clones in moderate habitats and give insights into mechanisms of cold adaptation. We propose provisional classification of the novel nitrite oxidizing bacterium as 'Candidatus Nitrotoga arctica'

Roy-Steiner equations for pion-nucleon scattering

Starting from hyperbolic dispersion relations, we derive a closed system of Roy-Steiner equations for pion-nucleon scattering that respects analyticity, unitarity, and crossing symmetry. We work out analytically all kernel functions and unitarity relations required for the lowest partial waves. In order to suppress the dependence on the high-energy regime we also consider once- and twice-subtracted versions of the equations, where we identify the subtraction constants with subthreshold parameters. Assuming Mandelstam analyticity we determine the maximal range of validity of these equations. As a first step towards the solution of the full system we cast the equations for the $\pi\pi\to\bar NN$ partial waves into the form of a Muskhelishvili-Omn\`es problem with finite matching point, which we solve numerically in the single-channel approximation. We investigate in detail the role of individual contributions to our solutions and discuss some consequences for the spectral functions of the nucleon electromagnetic form factors.Comment: 106 pages, 18 figures; version published in JHE

Fast Protection-Domain Crossing in the CHERI Capability-System Architecture

Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. We also acknowledge the Engineering and Physical Sciences Research Council (EPSRC) REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], EPSRC/ARM iCASE studentship [13220009], Microsoft studentship [MRS2011-031], the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.This is the author accepted manuscript. The final version of the article can be found at: http://ieeexplore.ieee.org/document/7723791

Combination schemes for turning point prediction

We propose new forecast combination schemes for predicting turning points of business cycles. The combination schemes deal with the forecasting performance of a given set of models and possibly providing better turning point predictions. We consider turning point predictions generated by autoregressive (AR) and Markov-Switching AR models, which are commonly used for business cycle analysis. In order to account for parameter uncertainty we consider a Bayesian approach to both estimation and prediction and compare, in terms of statistical accuracy, the individual models and the combined turning point predictions for the United States and Euro area business cycles

CHERI: A hybrid capability-system architecture for scalable software compartmentalization

CHERI extends a conventional RISC Instruction- Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.We thank our colleagues Ross Anderson, Ruslan Bukin, Gregory Chadwick, Steve Hand, Alexandre Joannou, Chris Kitching, Wojciech Koszek, Bob Laddaga, Patrick Lincoln, Ilias Marinos, A Theodore Markettos, Ed Maste, Andrew W. Moore, Alan Mujumdar, Prashanth Mundkur, Colin Rothwell, Philip Paeps, Jeunese Payne, Hassen Saidi, Howie Shrobe, and Bjoern Zeeb, our anonymous reviewers, and shepherd Frank Piessens, for their feedback and assistance. This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C- 0237 and FA8750-11-C-0249. The views, opinions, and/or findings contained in this paper are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. We acknowledge the EPSRC REMS Programme Grant [EP/K008528/1], Isaac Newton Trust, UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.This is the author accepted manuscript. The final version is available at http://dx.doi.org/10.1109/SP.2015.

Identification of the initial molecular changes in response to circulating angiogenic cells-mediated therapy in critical limb ischemia

BackgroundCritical limb ischemia (CLI) constitutes the most aggressive form of peripheral arterial occlusive disease, characterized by the blockade of arteries supplying blood to the lower extremities, significantly diminishing oxygen and nutrient supply. CLI patients usually undergo amputation of fingers, feet, or extremities, with a high risk of mortality due to associated comorbidities.Circulating angiogenic cells (CACs), also known as early endothelial progenitor cells, constitute promising candidates for cell therapy in CLI due to their assigned vascular regenerative properties. Preclinical and clinical assays with CACs have shown promising results. A better understanding of how these cells participate in vascular regeneration would significantly help to potentiate their role in revascularization.Herein, we analyzed the initial molecular mechanisms triggered by human CACs after being administered to a murine model of CLI, in order to understand how these cells promote angiogenesis within the ischemic tissues.MethodsBalb-c nude mice (n:24) were distributed in four different groups: healthy controls (C, n:4), shams (SH, n:4), and ischemic mice (after femoral ligation) that received either 50 mu l physiological serum (SC, n:8) or 5x10(5) human CACs (SE, n:8). Ischemic mice were sacrificed on days 2 and 4 (n:4/group/day), and immunohistochemistry assays and qPCR amplification of Alu-human-specific sequences were carried out for cell detection and vascular density measurements. Additionally, a label-free MS-based quantitative approach was performed to identify protein changes related.ResultsAdministration of CACs induced in the ischemic tissues an increase in the number of blood vessels as well as the diameter size compared to ischemic, non-treated mice, although the number of CACs decreased within time. The initial protein changes taking place in response to ischemia and more importantly, right after administration of CACs to CLI mice, are shown.ConclusionsOur results indicate that CACs migrate to the injured area; moreover, they trigger protein changes correlated with cell migration, cell death, angiogenesis, and arteriogenesis in the host. These changes indicate that CACs promote from the beginning an increase in the number of vessels as well as the development of an appropriate vascular network.Institute of Health Carlos III, ISCIII; Junta de Andaluci

The SNAPSHOT study protocol : SNAcking, Physical activity, Self-regulation, and Heart rate Over Time

Peer reviewedPublisher PD

A Measurement of Rb using a Double Tagging Method

The fraction of Z to bbbar events in hadronic Z decays has been measured by the OPAL experiment using the data collected at LEP between 1992 and 1995. The Z to bbbar decays were tagged using displaced secondary vertices, and high momentum electrons and muons. Systematic uncertainties were reduced by measuring the b-tagging efficiency using a double tagging technique. Efficiency correlations between opposite hemispheres of an event are small, and are well understood through comparisons between real and simulated data samples. A value of Rb = 0.2178 +- 0.0011 +- 0.0013 was obtained, where the first error is statistical and the second systematic. The uncertainty on Rc, the fraction of Z to ccbar events in hadronic Z decays, is not included in the errors. The dependence on Rc is Delta(Rb)/Rb = -0.056*Delta(Rc)/Rc where Delta(Rc) is the deviation of Rc from the value 0.172 predicted by the Standard Model. The result for Rb agrees with the value of 0.2155 +- 0.0003 predicted by the Standard Model.Comment: 42 pages, LaTeX, 14 eps figures included, submitted to European Physical Journal

Celecoxib exerts protective effects in the vascular endothelium via COX-2-independent activation of AMPK-CREB-Nrf2 signalling

Although concern remains about the athero-thrombotic risk posed by cyclo-oxygenase (COX)-2-selective inhibitors, recent data implicates rofecoxib, while celecoxib appears equivalent to NSAIDs naproxen and ibuprofen. We investigated the hypothesis that celecoxib activates AMP kinase (AMPK) signalling to enhance vascular endothelial protection. In human arterial and venous endothelial cells (EC), and in contrast to ibuprofen and naproxen, celecoxib induced the protective protein heme oxygenase-1 (HO-1). Celecoxib derivative 2,5-dimethyl-celecoxib (DMC) which lacks COX-2 inhibition also upregulated HO-1, implicating a COX-2-independent mechanism. Celecoxib activated AMPKα(Thr172) and CREB-1(Ser133) phosphorylation leading to Nrf2 nuclear translocation. Importantly, these responses were not reproduced by ibuprofen or naproxen, while AMPKα silencing abrogated celecoxib-mediated CREB and Nrf2 activation. Moreover, celecoxib induced H-ferritin via the same pathway, and increased HO-1 and H-ferritin in the aortic endothelium of mice fed celecoxib (1000 ppm) or control chow. Functionally, celecoxib inhibited TNF-α-induced NF-κB p65(Ser536) phosphorylation by activating AMPK. This attenuated VCAM-1 upregulation via induction of HO-1, a response reproduced by DMC but not ibuprofen or naproxen. Similarly, celecoxib prevented IL-1β-mediated induction of IL-6. Celecoxib enhances vascular protection via AMPK-CREB-Nrf2 signalling, a mechanism which may mitigate cardiovascular risk in patients prescribed celecoxib. Understanding NSAID heterogeneity and COX-2-independent signalling will ultimately lead to safer anti-inflammatory drugs