19 research outputs found
Verifying the Reliability of Operating System-Level Information Flow Control Systems in Linux
Information Flow Control at the Operating System (OS) level features interesting properties and has been an active topic of research for years. However, no implementation can work reliably if there is no way to correctly and precisely track all information flows occurring in the system. The existing implementations for Linux are based on the Linux Security Modules (LSM) framework, which implements hooks at specific points in the code where any security mechanism may interpose a security decision in the execution. However, previous work on the verification of LSM only addressed access control, and no work has raised the question of the reliability of information flow control systems built on LSM. In this work, we present a compiler-assisted and reproducible static analysis of the Linux kernel to verify that the LSM hooks are correctly placed with respect to the operations generating information flows, so that LSM-based information flow monitors can properly track all information flows. Our results highlight flaws in LSM that we propose to solve, thus improving the suitability of this framework for the implementation of information flow monitors.
Towards a Formal Semantics for System Calls in terms of Information Flow
ISBN: 978-1-61208-399-5; ISSN: 2308-4243
We propose a new semantics for system calls, which focuses on the information flows they generate in a UNIX OS. We built a prototype model of an OS and its system calls using concurrent transaction logic along with its interpreter. We already have a few results and applications that show the usefulness of our semantics for modelling an OS from a kernel point of view. Once completed, we expect our semantics to enable us to extensively test security software implemented inside the kernel, among other use cases.
Suivi de flux d'information correct sous Linux (Correct Information Flow Tracking in Linux)
At the operating system level, information flow control concerns the way data circulates between objects such as processes, files, network sockets, etc., in order to prevent illegal leaks and modifications of information. Controlling information flows can serve multiple purposes if the quality of the implementations of information flow monitors can be guaranteed. We studied Laminar [3], KBlare [6] and Weir [2], information flow monitors whose implementation relies on the Linux Security Modules (LSM) interface. Even though LSM was originally designed for access control [5], these implementations suggest that, from a practical point of view, this interface offers good support for implementing an information flow monitor. We therefore examine the following question here: is it possible to reliably implement information flow control in Linux on top of LSM? We describe two lines of investigation, one that led us to verify a necessary condition and the other to propose a sufficient condition for answering this question. We also describe Rfblare, the main practical contribution resulting from this work. Rfblare is a new version of KBlare's information flow tracking that is resistant to race conditions between system calls.
Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory
Information flow control can be used at the Operating System level to enforce restrictions on the diffusion of security-sensitive data. In Linux, information flow trackers are often implemented as Linux Security Modules. They can fail to monitor some indirect flows when flows occur concurrently and affect the same containers of information. Furthermore, they are not able to monitor the flows due to file mappings in memory and shared memory between processes. We first present two attacks to evade state-of-the-art LSM-based trackers. We then describe an approach, formally proved with Coq, to perform information flow tracking that is able to cope with concurrency and in-memory flows. We demonstrate its implementability and usefulness in Rfblare, a race-condition-free version of the flow tracking done by KBlare.
EMBO Mol Med
Glioblastoma is one of the most treatment-resistant and lethal cancers, with a subset of self-renewing brain tumour stem cells (BTSCs) driving therapy resistance and relapse. Here, we report that mubritinib effectively impairs BTSC stemness and growth. Mechanistically, bioenergetic assays and rescue experiments showed that mubritinib targets complex I of the electron transport chain, thereby impairing BTSC self-renewal and proliferation. Gene expression profiling and Western blot analysis revealed that mubritinib disrupts the AMPK/p27(Kip1) pathway, leading to cell-cycle impairment. By employing in vivo pharmacokinetic assays, we established that mubritinib crosses the blood-brain barrier. Using preclinical patient-derived and syngeneic models, we demonstrated that mubritinib delays glioblastoma progression and extends animal survival. Moreover, combining mubritinib with radiotherapy or chemotherapy offers a survival advantage to animals. Notably, we showed that mubritinib alleviates hypoxia, thereby enhancing ROS generation, DNA damage, and apoptosis in tumours when combined with radiotherapy. Encouragingly, toxicological and behavioural studies revealed that mubritinib is well tolerated and spares normal cells. Our findings underscore the promising therapeutic potential of mubritinib, warranting its further exploration in the clinic for glioblastoma therapy.
Trial of Lixisenatide in Early Parkinson’s Disease
Background: Lixisenatide, a glucagon-like peptide-1 receptor agonist used for the treatment of diabetes, has shown neuroprotective properties in a mouse model of Parkinson's disease.
Methods: In this phase 2, double-blind, randomized, placebo-controlled trial, we assessed the effect of lixisenatide on the progression of motor disability in persons with Parkinson's disease. Participants in whom Parkinson's disease was diagnosed less than 3 years earlier, who were receiving a stable dose of medications to treat symptoms, and who did not have motor complications were randomly assigned in a 1:1 ratio to daily subcutaneous lixisenatide or placebo for 12 months, followed by a 2-month washout period. The primary end point was the change from baseline in scores on the Movement Disorder Society-Unified Parkinson's Disease Rating Scale (MDS-UPDRS) part III (range, 0 to 132, with higher scores indicating greater motor disability), which was assessed in patients in the on-medication state at 12 months. Secondary end points included other MDS-UPDRS subscores at 6, 12, and 14 months and doses of levodopa equivalent.
Results: A total of 156 persons were enrolled, with 78 assigned to each group. MDS-UPDRS part III scores at baseline were approximately 15 in both groups. At 12 months, scores on the MDS-UPDRS part III had changed by -0.04 points (indicating improvement) in the lixisenatide group and 3.04 points (indicating worsening disability) in the placebo group (difference, 3.08; 95% confidence interval, 0.86 to 5.30; P = 0.007). At 14 months, after a 2-month washout period, the mean MDS-UPDRS motor scores in the off-medication state were 17.7 (95% CI, 15.7 to 19.7) with lixisenatide and 20.6 (95% CI, 18.5 to 22.8) with placebo. Other results relative to the secondary end points did not differ substantially between the groups. Nausea occurred in 46% of participants receiving lixisenatide, and vomiting occurred in 13%.
Conclusions: In participants with early Parkinson's disease, lixisenatide therapy resulted in less progression of motor disability than placebo at 12 months in a phase 2 trial but was associated with gastrointestinal side effects. Longer and larger trials are needed to determine the effects and safety of lixisenatide in persons with Parkinson's disease.
Surgery for the treatment of arterial hypertension in patients with unilateral adrenal incidentalomas and mild autonomous cortisol secretion (CHIRACIC): a multicentre, open-label, superiority randomised controlled trial
Background: Adrenal incidentalomas are found in 3–10% of adults undergoing abdominal imaging. Of these, 30–50% are responsible for mild autonomous cortisol secretion (MACS), which is frequently associated with hypertension. The impact of adrenalectomy on hypertension in patients with unilateral incidentalomas and MACS remains uncertain. The aim of the CHIRACIC study was to prospectively assess the impact of surgical excision of the incidentaloma on blood pressure with a randomised trial combining accurate blood pressure measurement and standardisation of antihypertensive treatment.
Methods: CHIRACIC was a multicentre, superiority, open-label, parallel, randomised controlled trial performed at 17 university hospitals in France, Italy, and Germany. Adults with hypertension with MACS entered a run-in phase to confirm hypertension with multiple home blood pressure measurements (HBPM) before blood pressure was normalised with standardised stepped-care antihypertensive treatment. Eligible participants were then randomly assigned (1:1) to adrenalectomy or conservative management. Randomisation was blocked (random block size of 4 and 6) and stratified by intensity of antihypertensive treatment. Participants were followed up for 13 months and systematic attempts were made to gradually reduce antihypertensive treatment. The primary endpoint was the proportion of normotensive participants using HBPM who reduced their antihypertensive treatment in the intention-to-treat population at study completion. Key secondary endpoints included 24 h ambulatory blood pressure measurement (ABPM), mean change in antihypertensive treatment, and the proportion of participants with antihypertensive treatment at study completion. This study was registered with ClinicalTrials.gov, NCT02364089, and is completed.
Findings: Between April 9, 2015 and Nov 23, 2022, 78 patients were enrolled, and 52 eligible participants were randomly assigned to adrenalectomy (n=26, 23 underwent adrenalectomy and completed the study) or conservative management (n=26, 25 completed the study). The median age of participants was 63·3 years (IQR 57·4–68·2) and 36 (69%) were female. At study completion, a reduction in antihypertensive treatment with normal HBPM was observed in 12 (46%) of 26 participants treated with adrenalectomy and in four (15%) of 26 treated conservatively (adjusted risk difference [RD] 0·34 [95% CI 0·11 to 0·58]; p=0·0038). Similar results of smaller magnitude were observed for systolic blood pressure during 24 h ABPM. There were ten (43%) of 23 participants still needing antihypertensive treatment in the adrenalectomy group and 24 (96%) of 25 in the conservative management group (adjusted RD –0·58 [95% CI –0·78 to –0·38]; p<0·0001). Mean antihypertensive treatment step was 0·8 (SD 1·1) in the adrenalectomy group and 3·0 (1·4) in the conservative management group (adjusted difference –2·05 [95% CI –2·61 to –1·50]; p<0·0001). The number of patients with normal systolic HBPM and no hypertensive treatment was 12 (52%) of 23 in the adrenalectomy group and none in the conservative management group. Serious adverse events occurred in eight (35%) of 23 participants in the adrenalectomy group and eight (31%) of 26 participants in the conservative management group. Three serious adverse events for three (13%) participants were related to the surgery (post-surgical wall pain and hypotension).
Interpretation: MACS associated with unilateral adrenal incidentalomas is responsible for secondary hypertension that can be safely improved by minimally invasive adrenalectomy.
Bi-allelic MED16 variants cause a MEDopathy with intellectual disability, motor delay, and craniofacial, cardiac, and limb malformations
The Mediator complex regulates protein-coding gene transcription by coordinating the interaction of upstream enhancers with the basal transcription machinery at the promoter. Pathogenic variants in Mediator subunits typically lead to neurodevelopmental or neurodegenerative disorders with variable clinical presentations, designated as MEDopathies. Here, we report the identification of 25 individuals from 18 families with bi-allelic MED16 variants who have a multiple congenital anomalies (MCAs)-intellectual disability syndrome. Intellectual disability, speech delay, and/or motor delay of variable severity were constant and associated with variable combinations of craniofacial defects (micro/retrognathia, cleft palate, and preauricular tags), anomalies of the extremities, and heart defects (predominantly tetralogy of Fallot). Visual impairment, deafness, and magnetic resonance imaging (MRI) abnormalities were also frequent. The 26 variants identified comprised eight predicted protein-truncating variants (three intragenic deletions, two frameshifts, one nonsense, and two essential splice site variants) and 18 missense or in-frame duplication variants affecting conserved residues, without clear correlation between phenotypic severity and variant type combination. Three-dimensional modeling indicated that the missense and duplication variants likely have a destabilizing effect on the structural elements of the protein. Immunofluorescence assays demonstrated protein mislocalization from the nucleus to the cytoplasm for 16 of the 17 variants studied. Homozygous mutant med16 zebrafish presented growth delay and increased mortality compared with wild-type fish, and Med16 knockout mice are preweaning lethal, highlighting the conserved requirement of MED16 for development.
Overall, we describe an autosomal recessive MCAs-intellectual disability MEDopathy, emphasizing the importance of Mediator during neurodevelopment and suggesting that some tissues are particularly sensitive to the loss of certain subunits.
