-
Modern applications, written in high-level programming languages, enjoy the security benefits of memory and type safety. Unfortunately, even a single memory-unsafe library can wreak havoc on the rest of an otherwise safe application, nullifying all the security guarantees offered by the high-level language and its managed runtime. We perform a study across the Node.js ecosystem to understand the use patterns of binary add-ons. Taking the identified trends into account, we propose a new hybrid permission model aimed at protecting both a binary add-on and its language-specific wrapper. The permission model is applied all around a native add-on and is enforced through a hybrid language-binary scheme that interposes on accesses to sensitive resources from all parts of the native library. We infer the add-on’s permission set automatically over both its binary and JavaScript sides, via a set of novel program analyses. Applied to a wide variety of native add-ons, we show that our framework, BinWrap, reduces access to sensitive resources, defends against real-world exploits, and imposes an overhead that ranges between 0.71%–10.4%.
-
Lau, Eric H. (Ed.)
Beginning December 2016, sylvatic yellow fever (YF) outbreaks spread into southeastern Brazil, and Minas Gerais state experienced two sylvatic YF waves (2017 and 2018). Following these massive YF waves, we screened 187 free-living non-human primate (NHP) carcasses collected throughout the state between January 2019 and June 2021 for YF virus (YFV) using RTqPCR. One sample belonging to a Callithrix, collected in June 2020, was positive for YFV. The viral strain belonged to the same lineage associated with 2017–2018 outbreaks, showing the continued enzootic circulation of YFV in the state. Next, using data from 781 NHP carcasses collected in 2017–18, we used generalized additive mixed models (GAMMs) to identify the spatiotemporal and host-level drivers of YFV infection and intensity (an estimation of genomic viral load in the liver of infected NHP). Our GAMMs explained 65% and 68% of variation in virus infection and intensity, respectively, and uncovered strong temporal and spatial patterns for YFV infection and intensity. NHP infection was higher in the eastern part of Minas Gerais state, where 2017–2018 outbreaks affecting humans and NHPs were concentrated. The odds of YFV infection were significantly lower in NHPs from urban areas than from urban-rural or rural areas, while infection intensity was significantly lower in NHPs from urban areas or the urban-rural interface relative to rural areas. Both YFV infection and intensity were higher during the warm/rainy season compared to the cold/dry season. The higher YFV intensity in NHPs in warm/rainy periods could be a result of higher exposure to vectors and/or higher virus titers in vectors during this time resulting in the delivery of a higher virus dose and higher viral replication levels within NHPs. Further studies are needed to better test this hypothesis and further compare the dynamics of YFV enzootic cycles between different seasons.
-
Low, Jenny (Ed.)
Yellow fever virus (YFV) is the etiological agent of yellow fever (YF), an acute hemorrhagic vector-borne disease that has a significant impact on public health and is endemic across tropical regions in Africa and South America. The virus is maintained in two ecologically and evolutionarily distinct transmission cycles: an enzootic, sylvatic cycle, where the virus circulates between arboreal Aedes species mosquitoes and non-human primates, and a human or urban cycle, between humans and anthropophilic Aedes aegypti mosquitoes. While the urban transmission cycle has been eradicated by a highly efficacious licensed vaccine, the enzootic transmission cycle is not amenable to control interventions, leading to recurrent epizootics and spillover outbreaks into human populations. The nature of YF transmission dynamics is multifactorial and encompasses a complex system of biotic, abiotic, and anthropogenic factors rendering predictions of emergence highly speculative. The recent outbreaks in Africa and Brazil clearly remind us of the significant impact YF emergence events pose on human and animal health. The magnitude of the Brazilian outbreak and spillover in densely populated areas outside the recommended vaccination coverage areas raised the specter of human-to-human transmission and re-establishment of enzootic cycles outside the Amazon basin. Herein, we review the factors that influence the re-emergence potential of YFV in the neotropics and offer insights for a constellation of coordinated approaches to better predict and control future YF emergence events.
-
We revisit the gap between what distributed systems need from the transport layer and what protocols in wide deployment provide. Such a gap complicates the implementation of distributed systems and impacts their performance. We introduce Tunable Multicast Communication (TMC), an abstraction that allows developers to easily specialize communication channels in distributed systems. TMC is presented as a deployable and extensible user-space library that exposes high-level tunable guarantees. TMC has the potential of improving the performance of distributed applications with minimal-to-zero development and deployment effort.
-
Denial of service (DoS) attacks increasingly exploit algorithmic, semantic, or implementation characteristics dormant in victim applications, often with minimal attacker resources. Practical and efficient detection of these asymmetric DoS attacks requires us to (i) catch offending requests in-flight, before they consume a critical amount of resources, (ii) remain agnostic to the application internals, such as the programming language or runtime system, and (iii) introduce low overhead in terms of both performance and programmer effort. This paper introduces FINELAME, a language-independent framework for detecting asymmetric DoS attacks. FINELAME leverages operating system visibility across the entire software stack to instrument key resource allocation and negotiation points. It leverages recent advances in the Linux extended Berkeley Packet Filter virtual machine to attach application-level interposition probes to key request processing functions, and lightweight resource monitors--user/kernel-level probes--to key resource allocation functions. The data collected is used to train a model of resource utilization that occurs throughout the lifetime of individual requests. The model parameters are then shared with the resource monitors, which use them to catch offending requests in-flight, inline with resource allocation. We demonstrate that FINELAME can be integrated with legacy applications with minimal effort, and that it is able to detect resource abuse attacks much earlier than their intended completion time while posing low performance overheads.