Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory ... more Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.
Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++... more Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasures against specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to harden software against various classes of memory attacks. In this paper, we use PA to build novel defenses against various classes of ru...
Very small breast cancers are being diagnosed with increased frequency, and, until recently, litt... more Very small breast cancers are being diagnosed with increased frequency, and, until recently, little information regarding the incidence of axillary lymph node metastases in these most favorable tumors was available. Moreover, scarce data exist regarding axillary failure in this cohort as a function of initial treatment, be it surgery, radiation, or simply observation. In the present study, limited to women with invasive cancers measuring no more than 10 mm, the incidence of pathologically positive axillary nodes was 12.3%. The incidence of nodal metastases was influenced by tumor size (albeit not quite significantly, p = .08); not one patient with a tumor < or = 5 mm had axillary node metastases, compared to 14.7% in those with cancers 6 to 10 mm. The histologic grade and tumor location were also important in predicting nodal positivity. The incidence of positive nodes was 38% in those with poorly differentiated cancers, compared to 8% and 7% in women with well and moderately differentiated cancers, respectively, p = .03. Axillary nodal positivity was seen in 17% of outer quadrant vs 3% of central and inner quadrant primaries, p < .01. The axilla was managed with surgery alone (76%), radiation alone (6%), surgery and radiation (6%), or simply observation (10%). With a median follow-up of 55 months, not one patient has suffered a nodal recurrence, and in our experience, survival free of distant relapse was not adversely affected by the omission of axillary surgery.
Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory ... more Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such security primitives in the kernel can significantly differ from their user space application.
Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++... more Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasures against specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A processor architecture, commonly used in devices like smartphones. PA is a low-cost technique to authenticate pointers so as to resist memory vulnerabilities. It has been shown to enable practical protection against memory vulnerabilities that corrupt return addresses or function pointers. However, so far, PA has received very little attention as a general purpose protection mechanism to harden software against various classes of memory attacks. In this paper, we use PA to build novel defenses against various classes of ru...
Very small breast cancers are being diagnosed with increased frequency, and, until recently, litt... more Very small breast cancers are being diagnosed with increased frequency, and, until recently, little information regarding the incidence of axillary lymph node metastases in these most favorable tumors was available. Moreover, scarce data exist regarding axillary failure in this cohort as a function of initial treatment, be it surgery, radiation, or simply observation. In the present study, limited to women with invasive cancers measuring no more than 10 mm, the incidence of pathologically positive axillary nodes was 12.3%. The incidence of nodal metastases was influenced by tumor size (albeit not quite significantly, p = .08); not one patient with a tumor < or = 5 mm had axillary node metastases, compared to 14.7% in those with cancers 6 to 10 mm. The histologic grade and tumor location were also important in predicting nodal positivity. The incidence of positive nodes was 38% in those with poorly differentiated cancers, compared to 8% and 7% in women with well and moderately differentiated cancers, respectively, p = .03. Axillary nodal positivity was seen in 17% of outer quadrant vs 3% of central and inner quadrant primaries, p < .01. The axilla was managed with surgery alone (76%), radiation alone (6%), surgery and radiation (6%), or simply observation (10%). With a median follow-up of 55 months, not one patient has suffered a nodal recurrence, and in our experience, survival free of distant relapse was not adversely affected by the omission of axillary surgery.
Uploads