Modern systems assume that privileged software always behaves as expected; however, such assumptions may not hold given the prevalence of kernel vulnerabilities. One idea is to employ defenses to restrict how adversaries may exploit such vulnerabilities, such as Control-Flow Integrity (CFI), which restricts execution to a Control-Flow Graph (CFG). However, proposed applications of CFI enforcement to kernel software are too coarse-grained to restrict the adversary effectively and either fail to enforce CFI comprehensively or are very expensive. We present a mostly-automated approach for retrofitting kernel software that leverages features of such software to enable comprehensive, efficient, fine-grained CFI enforcement. We achieve this goal by leveraging two insights. We first leverage the conservative function pointer usage patterns found in the kernel source code to develop a method to compute fine-grained CFGs for kernel software. Second, we identify two opportunities for removing CFI instrumentation relative to prior optimization techniques: reusing existing kernel instrumentation and creating direct transfers, where possible. Using these insights, we show how to choose optimized defenses for kernels to handle system events, enabling comprehensive and efficient CFI enforcement. We evaluate the effectiveness of the proposed fine-grained CFI instrumentation by applying the retrofitting approach comprehensively to FreeBSD, the MINIX microkernel system, and MINIX's user-space servers, and applying this approach partly to the BitVisor hypervisor. We show that our approach eliminates over 70% of the indirect targets relative to the best current, fine-grained CFI techniques, while our optimizations reduce the instrumentation necessary to enforce coarse-grained CFI. The performance improvement due to our optimizations ranges from 51%/25% for MINIX to 12%/17% for FreeBSD for the average/maximum microbenchmark overhead. The evaluation shows that fine-grained CFI instrumentation can be computed for kernel software in practice and can be enforced more efficiently than coarse-grained CFI instrumentation.
The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make them smarter. A variety of applications now run simultaneously on an ARM-based processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow, that shields legacy applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications.
Cancer immunotherapy has revolutionized the field of cancer treatment in recent years. However, not all patients receiving cancer immunotherapy exhibit durable responses, and reliable, high-throughput testing platforms are urgently needed to guide personalized cancer immunotherapy. The ability of patient-derived tumor organoids to recapitulate pivotal features of original cancer tissues makes them useful as a preclinical model for cancer research and precision medicine. Nevertheless, many challenges exist in the translation of tumor organoid research to clinical decision making. Herein we discuss the applications of patient-derived tumor organoid models and the advances and potential of using complex immune-organoid systems as testing platforms to facilitate precision cancer immunotherapy. In addition, we highlight intriguing applications of tumor organoids with novel multi-omics in preclinical cancer research, highlighting genetic editing, proteomics, and liquid biopsy.
Polygonum perfoliatum L. belongs to the genus Polygonaceae and has a long history of use as a Chinese medicinal herb to reduce swelling, control body temperature, and promote detoxification. However, its anticancer activity and mechanisms of action have not been evaluated yet. In the present study, we used several cell lines and xenograft models from different cancers to demonstrate the broad-spectrum anticancer activity of P. perfoliatum L as well as its underlying mechanisms of action in vitro and in vivo. The ethyl acetate extract of P. perfoliatum L showed good anticancer activity and was further fractioned to obtain five active components, including PEA to PEE. Among these fractions, PEC showed the strongest cytotoxicities against various cancer cell lines. It was further observed that PEC inhibited cancer cell growth, arrested cells at G2 phase, and induced apoptosis in vitro and suppressed tumor growth and angiogenesis in vivo in a dose- and time-dependent manner. Furthermore, PEC decreased the expression of vascular endothelial growth factor (VEGF) and micro-vascular density (MVD) in tumor tissues in vivo. It also promoted the proliferation of T and B lymphocytes, increased the activities of natural killer (NK) cells and cytotoxic T lymphocytes (CTLs), enhanced the secretion of interleukin 2 (IL-2) by spleen cells, and raised the levels of IgG, IgG2a, and IgG2b antibodies in tumor-bearing mice in vivo, which were at least partially responsible for the anticancer activity of PEC. In summary, PEC has shown broad-spectrum anticancer activities without causing any host toxicity in vitro and in vivo and may be developed as a preventive and therapeutic agent against human cancer. Further studies are urgently needed to determine the anticancer compounds in PEC and their detailed molecular mechanisms.