- Compartmentalization decomposes a program into separate parts with mediated interactions through compartment interfaces—hiding information that would otherwise be accessible from a compromised component. Unfortunately, most code was not developed assuming its interfaces as trust boundaries. Left unchecked, these interfaces expose confused deputy attacks where data flowing from malicious inputs can coerce a compartment into accessing previously hidden information on-behalf-of the untrusted caller. We introduce a novel program analysis that models data flows through compartment interfaces to automatically and comprehensively find and measure the attack surface from compartment bypassing data flows. Using this analysis we examine the Linux kernel along diverse compartment boundaries and characterize the degree of vulnerability. We find that there are many compartment bypassing paths (395/4394 driver interfaces have 22741 paths), making it impossible to correct by hand. We introduce CIVSCOPE as a comprehensive and sound approach to analyze and uncover the lower-bound and potential upper-bound risks associated with the memory operations in compartment boundary interfaces.
- Abstract: Biofilm formation is a major cause of hospital‐acquired infections. Research into biofilm‐resistant materials is therefore critical to reduce the frequency of these events. Polymer microarrays offer a high‐throughput approach to enable the efficient discovery of novel biofilm‐resistant polymers. Herein, bacterial attachment and surface chemistry are studied for a polymer microarray to improve the understanding of Pseudomonas aeruginosa biofilm formation on a diverse set of polymeric surfaces. The relationships between time‐of‐flight secondary ion mass spectrometry (ToF‐SIMS) data and biofilm formation are analyzed using linear multivariate analysis (partial least squares [PLS] regression) and a nonlinear self‐organizing map (SOM). The SOM models revealed several combinations of fragment ions that are positively or negatively associated with bacterial biofilm formation, which are not identified by PLS. With these insights, a second PLS model is calculated, in which interactions between key fragments (identified by the SOM) are explicitly considered. Inclusion of these terms improved the PLS model performance and shows that, without such terms, certain key fragment ions correlated with bacterial attachment may not be identified. The chemical insights provided by the combination of PLS regression and SOM will be useful for the design of materials that support negligible pathogen attachment.
