Proceedings of the ACM on programming languages, Jan 2, 2019
Architecture specifications notionally define the fundamental interface between hardware and soft... more Architecture specifications notionally define the fundamental interface between hardware and software: the envelope of allowed behaviour for processor implementations, and the basic assumptions for software development and verification. But in practice, they are typically prose and pseudocode documents, not rigorous or executable artifacts, leaving software and verification on shaky ground. In this paper, we present rigorous semantic models for the sequential behaviour of large parts of the mainstream ARMv8-A, RISC-V, and MIPS architectures, and the research CHERI-MIPS architecture, that are complete enough to boot operating systems, variously Linux, FreeBSD, or seL4. Our ARMv8-A models are automatically translated from authoritative ARM-internal definitions, and (in one variant) tested against the ARM Architecture Validation Suite. We do this using a custom language for ISA semantics, Sail, with a lightweight dependent type system, that supports automatic generation of emulator code in C and OCaml, and automatic generation of proof-assistant definitions for Isabelle, HOL4, and (currently only for MIPS) Coq. We use the former for validation, and to assess specification coverage. To demonstrate the usability of the latter, we prove (in Isabelle) correctness of a purely functional characterisation of ARMv8-A address translation. We moreover integrate the RISC-V model into the RMEM tool for (user-mode) relaxed-memory concurrency exploration. We prove (on paper) the soundness of the core Sail type system. We thereby take a big step towards making the architectural abstraction actually well-defined, establishing foundations for verification and reasoning. CCS Concepts: • General and reference → Verification; • Theory of computation → Semantics and reasoning; • Computer systems organization → Architectures; • Software and its engineering → Assembly languages;
This technical report describes CHERI ISAv5, the fifth version of the Capability Hardware Enhance... more This technical report describes CHERI ISAv5, the fifth version of the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA) 1 being developed by SRI International and the University of Cambridge. This design captures six years of research, development, experimentation, refinement, formal analysis, and testing, and is a substantial enhancement to the ISA versions described in earlier technical reports. This version introduces the CHERI-128 "compressed" capability format, adds further capability instructions to improve code efficiency, and rationalizes a number of ISA design choices (such as system permissions) as we have come to better understand mappings from C programming-language and MMUbased operating-system models into CHERI. It also contains improvements to descriptions, explanations, and rationale. The CHERI instruction set is a hybrid capability-system architecture that adds new capabilitysystem primitives to a commodity 64-bit RISC ISA enabling software to efficiently implement fine-grained memory protection and a hardware-software object-capability security model. These extensions support incrementally adoptable, high-performance, formally based, programmerfriendly underpinnings for fine-grained software decomposition and compartmentalization, motivated by and capable of enforcing the principle of least privilege. Fine-grained memory protection provides direct mitigation of many widely deployed exploit techniques. The CHERI system architecture purposefully addresses known performance and robustness gaps in commodity ISAs that hinder the adoption of more secure programming models centered around the principle of least privilege. To this end, CHERI blends traditional paged virtual memory with a per-address-space capability model that includes capability registers, capability instructions, and tagged memory that have been added to the 64-bit MIPS ISA. CHERI learns from the C-language fat-pointer literature: its capabilities describe fine-grained regions of memory and can be substituted for data or code pointers in generated code, protecting data and also providing Control-Flow Integrity (CFI). Strong monotonicity properties allow the CHERI capability model to express a variety of protection properties, from valid C-language pointer provenance and bounds checking to implementing the isolation and controlled communication structures required for higher-level models such as software compartmentalization. CHERI's hybrid system approach, inspired by the Capsicum security model, allows incremental adoption of capability-oriented software design: software implementations that are more robust and resilient can be deployed where they are most needed, while leaving less critical software largely unmodified, but nevertheless suitably constrained to be incapable of having adverse effects. For example, we are focusing conversion efforts on low-level TCB components of the system: separation kernels, hypervisors, operating-system kernels, language runtimes, and userspace TCBs such as web browsers. Likewise, we see early-use scenarios (such as data compression, protocol parsing, image processing, and video processing) that relate to particularly high-risk software libraries, which are concentrations of both complex and historically vulnerability-prone code combined with untrustworthy data sources, while leaving containing applications unchanged.
Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, 2019
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer vir... more The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtual addresses) in a manner that is compatible with, and strengthens, the semantics of the C language. In addition to the spatial protections offered by conventional fat pointers, CHERI capabilities offer strong integrity, enforced provenance validity, and access monotonicity. The stronger guarantees of these architectural capabilities must be reconciled with the real-world
We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most dev... more We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most developed capability-pointer system at present. Capability fat pointers are a primary candidate to enforce fine-grained and non-bypassable security properties in future computer systems, although increased pointer size can severely affect performance. Thus, several proposals for capability compression have been suggested elsewhere that do not support legacy instruction sets, ignore features critical to the existing software base, and also introduce design inefficiencies to RISC-style processor pipelines. CHERI Concentrate improves on the state-of-the-art region-encoding efficiency, solves important pipeline problems, and eases semantic restrictions of compressed encoding, allowing it to protect a full legacy software stack. We present the first quantitative analysis of compiled capability code, which we use to guide the design of the encoding format. We analyze and extend logic from the open-source CHERI prototype processor design on FPGA to demonstrate encoding efficiency, minimize delay of pointer arithmetic, and eliminate additional load-to-use delay. To verify correctness of our proposed high-performance logic, we present a HOL4 machine-checked proof of the decode and pointer-modify operations. Finally, we measure a 50% to 75% reduction in L2 misses for many compiled C-language benchmarks running under a commodity operating system using compressed 128-bit and 64-bit formats, demonstrating both compatibility with and increased performance over the uncompressed, 256-bit format.
Treatment of medically intractable focal epilepsy (MIFE) by surgical resection of the epileptogen... more Treatment of medically intractable focal epilepsy (MIFE) by surgical resection of the epileptogenic zone (EZ) is often effective provided the EZ can be reliably identified. Even with the use of invasive recordings, the clinical differentiation between the EZ and normal brain areas can be quite challenging, mainly in patients without MRI detectable lesions. Consequently, despite relatively large brain regions being removed, surgical success rates barely reach 60-65%. Such variable and unfavorable outcomes associated with high morbidity rates are often caused by imprecise and/or inaccurate EZ localization. We developed a localization algorithm that uses network-based data analytics to process invasive EEG recordings. This network algorithm analyzes the centrality signatures of every contact electrode within the recording network and characterizes contacts into susceptible EZ based on the centrality trends over time. The algorithm was tested in a retrospective study that included 42 pa...
Java provides security and robustness by building a highlevel security model atop the foundation ... more Java provides security and robustness by building a highlevel security model atop the foundation of memory protection. Unfortunately, any native code linked into a Java program-including the million lines used to implement the standard library-is able to bypass both the memory protection and the higher-level policies. We present a hardwareassisted implementation of the Java native code interface, which extends the guarantees required for Java's security model to native code. Our design supports safe direct access to buffers owned by the JVM, including hardware-enforced read-only access where appropriate. We also present Java language syntax to declaratively describe isolated compartments for native code. We show that it is possible to preserve the memory safety and isolation requirements of the Java security model in C code, allowing native code to run in the same process as Java code with the same impact on security as running equivalent Java code. Our approach has a negligible impact on performance, compared with the existing unsafe native code interface. We demonstrate a prototype implementation running on the CHERI microprocessor synthesized in FPGA.
Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional Memory Managem... more Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional Memory Management Unit (MMU) with Instruction-Set Architecture (ISA) extensions that implement an in-address-space capability-system model. CHERI capabilities can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This paper describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. We propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing-while retaining the flexibility of a software-defined protection-domain transition model. We validate this approach through a full-system experimental design including ISA extensions, FPGA prototype (implemented in Bluespec SystemVerilog), and software stack including OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.
Se is a potent nutritional antioxidant important for various aspects of human health. Because ast... more Se is a potent nutritional antioxidant important for various aspects of human health. Because asthma has been demonstrated to involve increased oxidative stress, levels of Se intake have been hypothesized to play an important role in the pathogenesis of asthma. However, significant associations between Se status and prevalence or severity of asthma have not been consistently demonstrated in human studies. This highlights both the complex etiology of human asthma and the inherent problems with correlative nutritional studies. In this review, the different findings in human studies are discussed along with results from limited intervention studies. Mouse models of asthma have provided more definitive results suggesting that the benefits of Se supplementation may depend on an individual's initial Se status. This likely involves T helper cell differentiation and the mechanistic studies that have provided important insight into the effects of Se levels on immune cell function are summarized. Importantly, the benefits and adverse effects of Se supplementation must both be considered in using this nutritional supplement for treating asthma. With this in mind new approaches are discussed that may provide more safe and effective means for using Se supplementation for asthma or other disorders involving inflammation or immunity.
Part of the Orthopedics Commons This Article is brought to you for free and open access by the Je... more Part of the Orthopedics Commons This Article is brought to you for free and open access by the Jefferson Digital Commons. The Jefferson Digital Commons is a service of Thomas Jefferson University's Center for Teaching and Learning (CTL). The Commons is a showcase for Jefferson books and journals, peer-reviewed scholarly publications, unique historical collections from the University archives, and teaching tools. The Jefferson Digital Commons allows researchers and interested readers anywhere in the world to learn about and keep up to date with Jefferson scholarship. This article has been accepted for inclusion in Rothman Institute by an authorized administrator of the Jefferson Digital Commons.
Background: Selenoprotein K is important for calcium-dependent activation of immune cells. Result... more Background: Selenoprotein K is important for calcium-dependent activation of immune cells. Results: Selenoprotein K is cleaved by m-calpain in resting macrophages, but Toll-like receptor activation induces calpastatin generating full-length, functional selenoprotein K. Conclusion: Proteolytic modulation of selenoprotein K is important for macrophage activation. Significance: New roles are defined for the calpain/calpastatin system and selenoprotein K during macrophage activation and inflammation.
Common peroneal nerve palsy following total knee arthroplasty: Common peroneal nerve palsy follow... more Common peroneal nerve palsy following total knee arthroplasty: Common peroneal nerve palsy following total knee arthroplasty: prognostic factors and course of recovery.
Purpose This study investigated the residual contribution of legume and fertilizer nitrogen (N) t... more Purpose This study investigated the residual contribution of legume and fertilizer nitrogen (N) to a subsequent crop under the effect of elevated carbon dioxide concentration ([CO 2 ]). Methods Field pea (Pisum sativum L.) was labeled in situ with 15 N (by absorption of a 15 N-labeled urea solution through cut tendrils) under ambient and elevated (700 μmol mol-1) [CO 2 ] in controlled environment glasshouse chambers. Barley (Hordeum vulgare L.) and its soil were also labeled under the same conditions by addition of 15 N-enriched urea to the soil. Wheat (Triticum aestivum L.) was subsequently grown to physiological maturity on the soil containing either 15 N-labeled field pea residues (including 15 N-labeled rhizodeposits) or 15 N-labeled barley plus fertilizer 15 N residues. Results Elevated [CO 2 ] increased the total biomass of field pea (21 %) and N-fertilized barley (23 %), but did not significantly affect the biomass of unfertilized barley. Elevated [CO 2 ] increased the C:N ratio of residues of field pea (18 %) and N-fertilized barley (19 %), but had no significant effect on that of unfertilized barley. Elevated [CO 2 ] increased total biomass (11 %) and grain yield (40 %) of subsequent wheat crop regardless of rotation type in the first phase. Irrespective of [CO 2 ], the grain yield and total N uptake by wheat following field pea were 24 % and 11 %, respectively, higher than those of the wheat following N-fertilized barley. The residual N contribution from field pea to wheat was 20 % under ambient [CO 2 ], but dropped to 11 % under elevated [CO 2 ], while that from fertilizer did not differ significantly between ambient [CO 2 ] (4 %) and elevated [CO 2 ] (5 %). Conclusions The relative value of legume derived N to subsequent cereals may be reduced under elevated [CO 2 ]. However, compared to N fertilizer application, legume incorporation will be more beneficial to grain yield and N supply to subsequent cereals under future (elevated [CO 2 ]) climates. Keywords Elevated [CO 2 ]. 15 N labeling. Belowground legume N. Residual legume N. Residual fertilizer N
In this paper the simple accelerometers based on PZT thin films were developed and characterized.... more In this paper the simple accelerometers based on PZT thin films were developed and characterized. The functions of seismic mass and spring are given by a boss loaded cantilever structure. The strain of the cantilever is detected by a Pb(Zr.Ti)O3 thin film. A 2 mm long and 0.8 mm wide cantilever yielded a response of 0.6 mV/g* in the frequency
SUMMARYBurkholderia pseudomallei, the causative agent of melioidosis is associated with soil. Thi... more SUMMARYBurkholderia pseudomallei, the causative agent of melioidosis is associated with soil. This study used a geographic information system (GIS) to determine the spatial distribution of clinical cases of melioidosis in the endemic suburban region of Townsville in Australia. A total of 65 cases over the period 1996–2008 were plotted using residential address. Two distinct groupings were found. One was around the base of a hill in the city centre and the other followed the old course of a major waterway in the region. Both groups (accounting for 43 of the 65 cases examined) are in areas expected to have particularly wet topsoils following intense rainfall, due to soil type or landscape position.
Environmental Burkholderia pseudomallei isolated from sandy soil at Castle Hill, Townsville, in t... more Environmental Burkholderia pseudomallei isolated from sandy soil at Castle Hill, Townsville, in the dry tropic region of Queensland, Australia, was inoculated into sterile-soil laboratory microcosms subjected to variable soil moisture. Survival and sublethal injury of the B. pseudomallei strain were monitored by recovery using culture-based methods. Soil extraction buffer yielded higher recoveries as an extraction agent than sterile distilled water. B. pseudomallei was not recoverable when inoculated into desiccated soil but remained recoverable from moist soil subjected to 91 days' desiccation and showed a growth response to increased soil moisture over at least 113 days. Results indicate that endemic dry tropic soil may act as a reservoir during the dry season, with an increase in cell number and potential for mobilization from soil into water in the wet season.
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to... more CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.
eral results. This check is particularly important since our numerical results show substantial d... more eral results. This check is particularly important since our numerical results show substantial deviation from those presented by Yeh8 even for elliptic cross sections of small eccentricity. For example, when x = 1. 90, m = f, and b/a = 1. 05 (kgq 2 /4 = O. 1 and ko q coshto = 2. 0 in Yeh's notation), we find a back scattering cross section (ako /4) of 0. 56 as opposed to 0. 7 for Yeh. However, for these parameters the abovementioned approximation scheme gives an independent check on our expansion coefficients and confirms the accuracy of our calculation to within 1%. The agreement obtained in all limiting cases confirms the validity of the results presented here. V. CONCLUSION Relatively simple expressions have been developed for the machine computation of electromagnetic scattering from dielectric rods of arbitrary cross section. As an example of the application of these formulas, results for the scattering cross section of rods with rectangular and elliptic cross section have been presented. Graphs are obtained showing cross section versus size, eccentricity, and index of refraction. In particular, once results for a given polarization and angle of incidence are obtained, the formulas give results for the other polarization and arbitrary angle of incidence with little additional effort. Although numerical results obtained for elliptic rods disagree with one set previously published in the literature, our independent approximation methods support the results presented here.
New spectra of Mars in the 3-4 micron region at significantly higher resolution than previously a... more New spectra of Mars in the 3-4 micron region at significantly higher resolution than previously available were obtained near the 1969 opposition. No features positively identifiable as being due to the Martian atmosphere could be detected. The existence of an albedo drop, probably due to surface water of hydration, is confirmed.
Proceedings of the ACM on programming languages, Jan 2, 2019
Architecture specifications notionally define the fundamental interface between hardware and soft... more Architecture specifications notionally define the fundamental interface between hardware and software: the envelope of allowed behaviour for processor implementations, and the basic assumptions for software development and verification. But in practice, they are typically prose and pseudocode documents, not rigorous or executable artifacts, leaving software and verification on shaky ground. In this paper, we present rigorous semantic models for the sequential behaviour of large parts of the mainstream ARMv8-A, RISC-V, and MIPS architectures, and the research CHERI-MIPS architecture, that are complete enough to boot operating systems, variously Linux, FreeBSD, or seL4. Our ARMv8-A models are automatically translated from authoritative ARM-internal definitions, and (in one variant) tested against the ARM Architecture Validation Suite. We do this using a custom language for ISA semantics, Sail, with a lightweight dependent type system, that supports automatic generation of emulator code in C and OCaml, and automatic generation of proof-assistant definitions for Isabelle, HOL4, and (currently only for MIPS) Coq. We use the former for validation, and to assess specification coverage. To demonstrate the usability of the latter, we prove (in Isabelle) correctness of a purely functional characterisation of ARMv8-A address translation. We moreover integrate the RISC-V model into the RMEM tool for (user-mode) relaxed-memory concurrency exploration. We prove (on paper) the soundness of the core Sail type system. We thereby take a big step towards making the architectural abstraction actually well-defined, establishing foundations for verification and reasoning. CCS Concepts: • General and reference → Verification; • Theory of computation → Semantics and reasoning; • Computer systems organization → Architectures; • Software and its engineering → Assembly languages;
This technical report describes CHERI ISAv5, the fifth version of the Capability Hardware Enhance... more This technical report describes CHERI ISAv5, the fifth version of the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA) 1 being developed by SRI International and the University of Cambridge. This design captures six years of research, development, experimentation, refinement, formal analysis, and testing, and is a substantial enhancement to the ISA versions described in earlier technical reports. This version introduces the CHERI-128 "compressed" capability format, adds further capability instructions to improve code efficiency, and rationalizes a number of ISA design choices (such as system permissions) as we have come to better understand mappings from C programming-language and MMUbased operating-system models into CHERI. It also contains improvements to descriptions, explanations, and rationale. The CHERI instruction set is a hybrid capability-system architecture that adds new capabilitysystem primitives to a commodity 64-bit RISC ISA enabling software to efficiently implement fine-grained memory protection and a hardware-software object-capability security model. These extensions support incrementally adoptable, high-performance, formally based, programmerfriendly underpinnings for fine-grained software decomposition and compartmentalization, motivated by and capable of enforcing the principle of least privilege. Fine-grained memory protection provides direct mitigation of many widely deployed exploit techniques. The CHERI system architecture purposefully addresses known performance and robustness gaps in commodity ISAs that hinder the adoption of more secure programming models centered around the principle of least privilege. To this end, CHERI blends traditional paged virtual memory with a per-address-space capability model that includes capability registers, capability instructions, and tagged memory that have been added to the 64-bit MIPS ISA. CHERI learns from the C-language fat-pointer literature: its capabilities describe fine-grained regions of memory and can be substituted for data or code pointers in generated code, protecting data and also providing Control-Flow Integrity (CFI). Strong monotonicity properties allow the CHERI capability model to express a variety of protection properties, from valid C-language pointer provenance and bounds checking to implementing the isolation and controlled communication structures required for higher-level models such as software compartmentalization. CHERI's hybrid system approach, inspired by the Capsicum security model, allows incremental adoption of capability-oriented software design: software implementations that are more robust and resilient can be deployed where they are most needed, while leaving less critical software largely unmodified, but nevertheless suitably constrained to be incapable of having adverse effects. For example, we are focusing conversion efforts on low-level TCB components of the system: separation kernels, hypervisors, operating-system kernels, language runtimes, and userspace TCBs such as web browsers. Likewise, we see early-use scenarios (such as data compression, protocol parsing, image processing, and video processing) that relate to particularly high-risk software libraries, which are concentrations of both complex and historically vulnerability-prone code combined with untrustworthy data sources, while leaving containing applications unchanged.
Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, 2019
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer vir... more The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtual addresses) in a manner that is compatible with, and strengthens, the semantics of the C language. In addition to the spatial protections offered by conventional fat pointers, CHERI capabilities offer strong integrity, enforced provenance validity, and access monotonicity. The stronger guarantees of these architectural capabilities must be reconciled with the real-world
We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most dev... more We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most developed capability-pointer system at present. Capability fat pointers are a primary candidate to enforce fine-grained and non-bypassable security properties in future computer systems, although increased pointer size can severely affect performance. Thus, several proposals for capability compression have been suggested elsewhere that do not support legacy instruction sets, ignore features critical to the existing software base, and also introduce design inefficiencies to RISC-style processor pipelines. CHERI Concentrate improves on the state-of-the-art region-encoding efficiency, solves important pipeline problems, and eases semantic restrictions of compressed encoding, allowing it to protect a full legacy software stack. We present the first quantitative analysis of compiled capability code, which we use to guide the design of the encoding format. We analyze and extend logic from the open-source CHERI prototype processor design on FPGA to demonstrate encoding efficiency, minimize delay of pointer arithmetic, and eliminate additional load-to-use delay. To verify correctness of our proposed high-performance logic, we present a HOL4 machine-checked proof of the decode and pointer-modify operations. Finally, we measure a 50% to 75% reduction in L2 misses for many compiled C-language benchmarks running under a commodity operating system using compressed 128-bit and 64-bit formats, demonstrating both compatibility with and increased performance over the uncompressed, 256-bit format.
Treatment of medically intractable focal epilepsy (MIFE) by surgical resection of the epileptogen... more Treatment of medically intractable focal epilepsy (MIFE) by surgical resection of the epileptogenic zone (EZ) is often effective provided the EZ can be reliably identified. Even with the use of invasive recordings, the clinical differentiation between the EZ and normal brain areas can be quite challenging, mainly in patients without MRI detectable lesions. Consequently, despite relatively large brain regions being removed, surgical success rates barely reach 60-65%. Such variable and unfavorable outcomes associated with high morbidity rates are often caused by imprecise and/or inaccurate EZ localization. We developed a localization algorithm that uses network-based data analytics to process invasive EEG recordings. This network algorithm analyzes the centrality signatures of every contact electrode within the recording network and characterizes contacts into susceptible EZ based on the centrality trends over time. The algorithm was tested in a retrospective study that included 42 pa...
Java provides security and robustness by building a highlevel security model atop the foundation ... more Java provides security and robustness by building a highlevel security model atop the foundation of memory protection. Unfortunately, any native code linked into a Java program-including the million lines used to implement the standard library-is able to bypass both the memory protection and the higher-level policies. We present a hardwareassisted implementation of the Java native code interface, which extends the guarantees required for Java's security model to native code. Our design supports safe direct access to buffers owned by the JVM, including hardware-enforced read-only access where appropriate. We also present Java language syntax to declaratively describe isolated compartments for native code. We show that it is possible to preserve the memory safety and isolation requirements of the Java security model in C code, allowing native code to run in the same process as Java code with the same impact on security as running equivalent Java code. Our approach has a negligible impact on performance, compared with the existing unsafe native code interface. We demonstrate a prototype implementation running on the CHERI microprocessor synthesized in FPGA.
Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional Memory Managem... more Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional Memory Management Unit (MMU) with Instruction-Set Architecture (ISA) extensions that implement an in-address-space capability-system model. CHERI capabilities can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This paper describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. We propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing-while retaining the flexibility of a software-defined protection-domain transition model. We validate this approach through a full-system experimental design including ISA extensions, FPGA prototype (implemented in Bluespec SystemVerilog), and software stack including OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.
Se is a potent nutritional antioxidant important for various aspects of human health. Because ast... more Se is a potent nutritional antioxidant important for various aspects of human health. Because asthma has been demonstrated to involve increased oxidative stress, levels of Se intake have been hypothesized to play an important role in the pathogenesis of asthma. However, significant associations between Se status and prevalence or severity of asthma have not been consistently demonstrated in human studies. This highlights both the complex etiology of human asthma and the inherent problems with correlative nutritional studies. In this review, the different findings in human studies are discussed along with results from limited intervention studies. Mouse models of asthma have provided more definitive results suggesting that the benefits of Se supplementation may depend on an individual's initial Se status. This likely involves T helper cell differentiation and the mechanistic studies that have provided important insight into the effects of Se levels on immune cell function are summarized. Importantly, the benefits and adverse effects of Se supplementation must both be considered in using this nutritional supplement for treating asthma. With this in mind new approaches are discussed that may provide more safe and effective means for using Se supplementation for asthma or other disorders involving inflammation or immunity.
Part of the Orthopedics Commons This Article is brought to you for free and open access by the Je... more Part of the Orthopedics Commons This Article is brought to you for free and open access by the Jefferson Digital Commons. The Jefferson Digital Commons is a service of Thomas Jefferson University's Center for Teaching and Learning (CTL). The Commons is a showcase for Jefferson books and journals, peer-reviewed scholarly publications, unique historical collections from the University archives, and teaching tools. The Jefferson Digital Commons allows researchers and interested readers anywhere in the world to learn about and keep up to date with Jefferson scholarship. This article has been accepted for inclusion in Rothman Institute by an authorized administrator of the Jefferson Digital Commons.
Background: Selenoprotein K is important for calcium-dependent activation of immune cells. Result... more Background: Selenoprotein K is important for calcium-dependent activation of immune cells. Results: Selenoprotein K is cleaved by m-calpain in resting macrophages, but Toll-like receptor activation induces calpastatin generating full-length, functional selenoprotein K. Conclusion: Proteolytic modulation of selenoprotein K is important for macrophage activation. Significance: New roles are defined for the calpain/calpastatin system and selenoprotein K during macrophage activation and inflammation.
Common peroneal nerve palsy following total knee arthroplasty: Common peroneal nerve palsy follow... more Common peroneal nerve palsy following total knee arthroplasty: Common peroneal nerve palsy following total knee arthroplasty: prognostic factors and course of recovery.
Purpose This study investigated the residual contribution of legume and fertilizer nitrogen (N) t... more Purpose This study investigated the residual contribution of legume and fertilizer nitrogen (N) to a subsequent crop under the effect of elevated carbon dioxide concentration ([CO 2 ]). Methods Field pea (Pisum sativum L.) was labeled in situ with 15 N (by absorption of a 15 N-labeled urea solution through cut tendrils) under ambient and elevated (700 μmol mol-1) [CO 2 ] in controlled environment glasshouse chambers. Barley (Hordeum vulgare L.) and its soil were also labeled under the same conditions by addition of 15 N-enriched urea to the soil. Wheat (Triticum aestivum L.) was subsequently grown to physiological maturity on the soil containing either 15 N-labeled field pea residues (including 15 N-labeled rhizodeposits) or 15 N-labeled barley plus fertilizer 15 N residues. Results Elevated [CO 2 ] increased the total biomass of field pea (21 %) and N-fertilized barley (23 %), but did not significantly affect the biomass of unfertilized barley. Elevated [CO 2 ] increased the C:N ratio of residues of field pea (18 %) and N-fertilized barley (19 %), but had no significant effect on that of unfertilized barley. Elevated [CO 2 ] increased total biomass (11 %) and grain yield (40 %) of subsequent wheat crop regardless of rotation type in the first phase. Irrespective of [CO 2 ], the grain yield and total N uptake by wheat following field pea were 24 % and 11 %, respectively, higher than those of the wheat following N-fertilized barley. The residual N contribution from field pea to wheat was 20 % under ambient [CO 2 ], but dropped to 11 % under elevated [CO 2 ], while that from fertilizer did not differ significantly between ambient [CO 2 ] (4 %) and elevated [CO 2 ] (5 %). Conclusions The relative value of legume derived N to subsequent cereals may be reduced under elevated [CO 2 ]. However, compared to N fertilizer application, legume incorporation will be more beneficial to grain yield and N supply to subsequent cereals under future (elevated [CO 2 ]) climates. Keywords Elevated [CO 2 ]. 15 N labeling. Belowground legume N. Residual legume N. Residual fertilizer N
In this paper the simple accelerometers based on PZT thin films were developed and characterized.... more In this paper the simple accelerometers based on PZT thin films were developed and characterized. The functions of seismic mass and spring are given by a boss loaded cantilever structure. The strain of the cantilever is detected by a Pb(Zr.Ti)O3 thin film. A 2 mm long and 0.8 mm wide cantilever yielded a response of 0.6 mV/g* in the frequency
SUMMARYBurkholderia pseudomallei, the causative agent of melioidosis is associated with soil. Thi... more SUMMARYBurkholderia pseudomallei, the causative agent of melioidosis is associated with soil. This study used a geographic information system (GIS) to determine the spatial distribution of clinical cases of melioidosis in the endemic suburban region of Townsville in Australia. A total of 65 cases over the period 1996–2008 were plotted using residential address. Two distinct groupings were found. One was around the base of a hill in the city centre and the other followed the old course of a major waterway in the region. Both groups (accounting for 43 of the 65 cases examined) are in areas expected to have particularly wet topsoils following intense rainfall, due to soil type or landscape position.
Environmental Burkholderia pseudomallei isolated from sandy soil at Castle Hill, Townsville, in t... more Environmental Burkholderia pseudomallei isolated from sandy soil at Castle Hill, Townsville, in the dry tropic region of Queensland, Australia, was inoculated into sterile-soil laboratory microcosms subjected to variable soil moisture. Survival and sublethal injury of the B. pseudomallei strain were monitored by recovery using culture-based methods. Soil extraction buffer yielded higher recoveries as an extraction agent than sterile distilled water. B. pseudomallei was not recoverable when inoculated into desiccated soil but remained recoverable from moist soil subjected to 91 days' desiccation and showed a growth response to increased soil moisture over at least 113 days. Results indicate that endemic dry tropic soil may act as a reservoir during the dry season, with an increase in cell number and potential for mobilization from soil into water in the wet season.
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to... more CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA softcore processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.
eral results. This check is particularly important since our numerical results show substantial d... more eral results. This check is particularly important since our numerical results show substantial deviation from those presented by Yeh8 even for elliptic cross sections of small eccentricity. For example, when x = 1. 90, m = f, and b/a = 1. 05 (kgq 2 /4 = O. 1 and ko q coshto = 2. 0 in Yeh's notation), we find a back scattering cross section (ako /4) of 0. 56 as opposed to 0. 7 for Yeh. However, for these parameters the abovementioned approximation scheme gives an independent check on our expansion coefficients and confirms the accuracy of our calculation to within 1%. The agreement obtained in all limiting cases confirms the validity of the results presented here. V. CONCLUSION Relatively simple expressions have been developed for the machine computation of electromagnetic scattering from dielectric rods of arbitrary cross section. As an example of the application of these formulas, results for the scattering cross section of rods with rectangular and elliptic cross section have been presented. Graphs are obtained showing cross section versus size, eccentricity, and index of refraction. In particular, once results for a given polarization and angle of incidence are obtained, the formulas give results for the other polarization and arbitrary angle of incidence with little additional effort. Although numerical results obtained for elliptic rods disagree with one set previously published in the literature, our independent approximation methods support the results presented here.
New spectra of Mars in the 3-4 micron region at significantly higher resolution than previously a... more New spectra of Mars in the 3-4 micron region at significantly higher resolution than previously available were obtained near the 1969 opposition. No features positively identifiable as being due to the Martian atmosphere could be detected. The existence of an albedo drop, probably due to surface water of hydration, is confirmed.
Uploads
Papers by Robert Norton