DOCSLIB.ORG

Scaling Symbolic Evaluation for Automated Verification of Systems Code with Serval

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Scaling Symbolic Evaluation for Automated Verification of Systems Code with Serval Scaling symbolic evaluation for automated verification of systems code with Serval Luke Nelson James Bornholt Ronghui Gu University of Washington University of Washington Columbia University Andrew Baumann Emina Torlak Xi Wang Microsoft Research University of Washington University of Washington Abstract But the benefits of formal verification come at a consider- This paper presents Serval, a framework for developing au- able cost. Writing proofs requires a time investment that is tomated verifiers for systems software. Serval provides an usually measured in person-years, and the size of proofs can extensible infrastructure for creating verifiers by lifting in- be several times or even more than an order of magnitude terpreters under symbolic evaluation, and a systematic ap- larger than that of implementation code [49: §7.2]. proach to identifying and repairing verification performance The push-button verification approach [65, 74, 75] frees bottlenecks using symbolic profiling and optimizations. developers from such proof burden through co-design of Using Serval, we build automated verifiers for the RISC-V, systems and verifiers to achieve a high degree of automation, x86-32, LLVM, and BPF instruction sets. We report our ex- at the cost of generality. This approach asks developers to perience of retrofitting CertiKOS and Komodo, two systems design interfaces to be finite so that the semantics of each in- previously verified using Coq and Dafny, respectively, for terface operation (such as a system call) is expressible as a set automated verification using Serval, and discuss trade-offs of traces of bounded length (i.e., the operation can be imple- of different verification methodologies. In addition, we apply mented without using unbounded loops). Given the problem Serval to the Keystone security monitor and the BPF compil- of verifying a finite implementation against its specification, ers in the Linux kernel, and uncover 18 new bugs through a domain-specific automated verifier reduces this problem verification, all confirmed and fixed by developers. to a satisfiability query using symbolic evaluation [32] and discharges the query with a solver such as Z3 [31]. ACM Reference Format: While promising, this co-design approach raises three Luke Nelson, James Bornholt, Ronghui Gu, Andrew Baumann, Em- open questions: How can we write automated verifiers that ina Torlak, and Xi Wang. 2019. Scaling symbolic evaluation for are easy to audit, optimize, and retarget to new systems? automated verification of systems code with Serval. In ACM SIGOPS How can we identify and repair verification performance 27th Symposium on Operating Systems Principles (SOSP ’19), October 27–30, 2019, Huntsville, ON, Canada. ACM, New York, NY, USA, bottlenecks due to path explosion? How can we retrofit sys- 18 pages. https://doi.org/10.1145/3341301.3359641 tems that were not designed for automated verification? This paper aims to answer these questions. First, we present Serval, an extensible framework for writ- 1 Introduction ing automated verifiers. In prior work on push-button ver- Formal verification provides a general approach to proving ification [65, 74, 75], a verifier implements symbolic evalu- critical properties of systems software [48]. To verify the ation for specific systems, which both requires substantial correctness of a system, developers write a specification of its expertise and makes the resulting verifiers difficult to reuse. intended behavior, and construct a machine-checkable proof In contrast, Serval developers write an interpreter for an to show that the implementation satisfies the specification. instruction set using Rosette [80, 81], an extension of the This process is effective at eliminating entire classes of bugs, Racket language [35] for symbolic reasoning. Serval lever- ranging from memory-safety vulnerabilities to violations of ages Rosette to “lift” an interpreter into a verifier; we use the functional correctness and information-flow policies [49]. term “lift” to refer to the process of transforming a regular program to work on symbolic values [76]. Permission to make digital or hard copies of part or all of this work for Using Serval, we build automated verifiers for RISC-V [85], personal or classroom use is granted without fee provided that copies are x86-32, LLVM [54], and Berkeley Packet Filter (BPF) [37]. not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third- These verifiers are simple and easy to understand, and inherit party components of this work must be honored. For all other uses, contact from Rosette vital optimizations for free, such as constraint the owner/author(s). caching [18], partial evaluation [45], and state merging [52]. SOSP ’19, October 27–30, 2019, Huntsville, ON, Canada They are also reusable and interoperable; for instance, we ap- © 2019 Copyright held by the owner/author(s). ply the RISC-V verifier to verify the functional correctness of ACM ISBN 978-1-4503-6873-5/19/10. https://doi.org/10.1145/3341301.3359641 1 SOSP ’19, October 27–30, 2019, Huntsville, ON, Canada Luke Nelson et al. security monitors, and (together with the BPF verifier) to find x86-32 in the Linux kernel. We find a total of 18 new bugs, bugs in the Linux kernel’s BPF just-in-time (JIT) compilers. all confirmed and fixed by developers. Second, the complexity of systems software makes auto- Through this paper, we address the key concerns facing mated verification computationally intractable. In practice, developers looking to apply automated verification: the ef- this complexity manifests as path explosion during symbolic fort required to write verifiers, the difficulty of diagnosing evaluation, which both slows down the generation of verifi- and fixing performance bottlenecks in these verifiers, and cation queries and leads to queries that are too difficult for the applicability of this approach to existing systems. Serval the solver to discharge. A key to scalability is thus for veri- enables us, with a reasonable effort, to develop multiple ver- fiers to minimize path explosion, and to produce constraints ifiers, apply the verifiers to a range of systems, and findpre- that are amenable to solving with effective decision proce- viously unknown bugs. As an increasing number of systems dures and heuristics. Both of these tasks are challenging, as are designed with formal verification in mind [29, 55, 71, 88], evidenced by the large body of research addressing each [5]. we hope that our experience and discussion of three rep- To address this challenge, Serval adopts recent advances in resentative verification methodologies—CertiKOS, Komodo, symbolic profiling [13], a systematic approach to identifying and Serval—will help better understand their trade-offs and performance bottlenecks in symbolic evaluation. By manu- facilitate a wider adoption of verification in systems software. ally analyzing profiler output, we develop a catalog of com- In summary, the main contributions of this paper are as mon performance bottlenecks for automated verifiers, which follows: (1) the Serval framework for writing reusable and arise from handling indirect branches, memory accesses, trap scalable automated verifiers by lifting interpreters and ap- dispatching, etc. To repair such bottlenecks, Serval intro- plying symbolic optimizations; (2) automated verifiers for duces a set of symbolic optimizations, which enable verifiers RISC-V, x86-32, LLVM, and BPF built using Serval; and (3) to exploit domain knowledge to improve the performance of our experience retrofitting two prior security monitors to symbolic evaluation and produce solver-friendly constraints automated verification and finding bugs in existing systems. for a class of systems. As we will show, these symbolic opti- mizations are essential to scale automated verification. Third, automated verifiers restrict the types of properties 2 Related work and systems that can be verified in exchange for proof au- Interactive verification. There is a long and rich history of tomation. To understand what changes are needed to retrofit using interactive theorem provers to verify the correctness an existing system to automated verification and the limi- of systems software [48]. These provers provide expressive tations of this methodology, we conduct case studies using logics for developers to manually construct a correctness two state-of-the-art verified systems: CertiKOS [30], a se- proof of an implementation with respect to a specification. curity monitor that provides strict isolation on x86 and is A pioneering effort in this area is the KIT kernel [8], which verified using the Coq interactive theorem prover [79], and demonstrates the feasibility of verification at the machine- Komodo [36], a security monitor that provides software en- code level. It consists of roughly 300 lines of instructions and claves on ARM and is verified using the Dafny auto-active is verified using the Boyer-Moore theorem prover [14]. theorem prover [56]. Our case studies show that the inter- The seL4 project [49, 50] achieved the first functional faces of such low-level, lightweight security monitors are correctness proof of a general-purpose microkernel. seL4 is already finite, making them a viable target for Serval, even written in about 10,000 lines of C and assembly, and verified though they were not designed for automated verification. using the Isabelle/HOL theorem prover [66]. This effort took We port both
Load more

Recommended publications
  • A Critical Review of Acquisitions Within the Australian Vocational Education and Training Sector 2012 to 2017 Kristina M. Nicho
    A Critical Review of Acquisitions within the Australian Vocational Education and Training Sector 2012 to 2017 Kristina M. Nicholls Victoria University Business School Submitted in fulfilment of requirements for the degree of Doctor of Business Administration 2020 Abstract A Critical Review of Acquisitions within the Vocational Education and Training Sector 2012 to 2017 Organisations often look to acquisitions as a means of achieving their growth strategy. However, notwithstanding the theoretical motivations for engaging in acquisitions, research has shown that the acquiring organisation, following the acquisition, frequently experiences a fall in share price and degraded operating performance. Given the failure rates that are conservatively estimated at over 50%, the issue of acquisitions is worthy of inquiry in order to determine what factors make for a successful or alternately an unsuccessful outcome. The focus of this study is the vocational education sector in Australia, where private registered training organisations [RTOs] adopted acquisitions as a strategy to increase their market share and/or support growth strategies prompted by deregulation and a multi-billion dollar training investment by both Australian State and Federal governments in the past ten years. Fuelled by these changes in Government policy, there was a dramatic growth in RTO acquisitions between the period 2012 and 2017. Many of these acquisitions ended in failure, including several RTOs that listed on the Australian Stock Exchange [ASX]. This study investigates acquisitions of Australian RTOs, focusing on the period from 2012 to 2017 [study period]. The aim is to understand what factors contributed to the success and/or failure of acquisitions of registered training organisations in the Australian Private Education Sector.
    [Show full text]
  • Total Cost of Ownership and Open Source Software
    What Place Does Open Source Software Have In Australian And New Zealand Schools’ and Jurisdictions’ ICT Portfolios? TOTAL COST OF OWNERSHIP AND OPEN SOURCE SOFTWARE Research paper by Kathryn Moyle Department of Education and Children’s Services South Australia July 2004 1 Contents Contents 2 List of tables and diagrams 3 Abbreviations 4 Acknowledgements 5 Executive summary 6 Options for future actions 7 Introduction 9 Key questions 9 Open source software and standards 9 Comparison of open source and proprietary software licences 11 Building on recent work 12 Contexts 14 Use of ICT in schools 14 Current use of open source software in Australia and New Zealand 14 Procurement and deployment of ICT 15 Department of Education and Children’s Services, South Australia 16 What is total cost of ownership? 17 Purpose of undertaking a total cost of ownership analysis 17 Why undertake total cost of ownership work? 17 How can total cost of ownership analyses help schools, regions and central agencies plan? 17 Total cost of ownership analyses should not be undertaken in isolation 18 Total cost of ownership and open source software 18 Review of literature 19 Open source software in government schools 19 Total cost of ownership 20 Total cost of ownership in schools 21 Total cost of ownership, open source software and schools 23 Summary 25 Undertaking a financial analysis 26 Principles underpinning a total cost of ownership 26 Processes 27 Testing a financial model: Total Cost of Ownership in a school 33 Scenario 33 Future plans 40 ICT deployment options
    [Show full text]
  • Page 14 Street, Hudson, 715-386-8409 (3/16W)
    JOURNAL OF THE AMERICAN THEATRE ORGAN SOCIETY NOVEMBER | DECEMBER 2010 ATOS NovDec 52-6 H.indd 1 10/14/10 7:08 PM ANNOUNCING A NEW DVD TEACHING TOOL Do you sit at a theatre organ confused by the stoprail? Do you know it’s better to leave the 8' Tibia OUT of the left hand? Stumped by how to add more to your intros and endings? John Ferguson and Friends The Art of Playing Theatre Organ Learn about arranging, registration, intros and endings. From the simple basics all the way to the Circle of 5ths. Artist instructors — Allen Organ artists Jonas Nordwall, Lyn Order now and recieve Larsen, Jelani Eddington and special guest Simon Gledhill. a special bonus DVD! Allen artist Walt Strony will produce a special DVD lesson based on YOUR questions and topics! (Strony DVD ships separately in 2011.) Jonas Nordwall Lyn Larsen Jelani Eddington Simon Gledhill Recorded at Octave Hall at the Allen Organ headquarters in Macungie, Pennsylvania on the 4-manual STR-4 theatre organ and the 3-manual LL324Q theatre organ. More than 5-1/2 hours of valuable information — a value of over $300. These are lessons you can play over and over again to enhance your ability to play the theatre organ. It’s just like having these five great artists teaching right in your living room! Four-DVD package plus a bonus DVD from five of the world’s greatest players! Yours for just $149 plus $7 shipping. Order now using the insert or Marketplace order form in this issue. Order by December 7th to receive in time for Christmas! ATOS NovDec 52-6 H.indd 2 10/14/10 7:08 PM THEATRE ORGAN NOVEMBER | DECEMBER 2010 Volume 52 | Number 6 Macy’s Grand Court organ FEATURES DEPARTMENTS My First Convention: 4 Vox Humana Trevor Dodd 12 4 Ciphers Amateur Theatre 13 Organist Winner 5 President’s Message ATOS Summer 6 Directors’ Corner Youth Camp 14 7 Vox Pops London’s Musical 8 News & Notes Museum On the Cover: The former Lowell 20 Ayars Wurlitzer, now in Greek Hall, 10 Professional Perspectives Macy’s Center City, Philadelphia.
    [Show full text]
  • The Dark Side of the Attack on Colonial Pipeline
    “Public GitHub is 54 often a blind spot in the security team’s perimeter” Jérémy Thomas Co-founder and CEO GitGuardian Volume 5 | Issue 06 | June 2021 Traceable enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. Know your application DNA Download the practical guide to API Security Learn how to secure your API's. This practical guide shares best practices and insights into API security. Scan or visit Traceable.ai/CISOMag EDITOR’S NOTE DIGITAL FORENSICS EDUCATION MUST KEEP UP WITH EMERGING TECHNOLOGIES “There is nothing like first-hand evidence.” Brian Pereira - Sherlock Holmes Volume 5 | Issue 06 Editor-in-Chief June 2021 f the brilliant detective Sherlock Holmes and his dependable and trustworthy assistant Dr. Watson were alive and practicing today, they would have to contend with crime in the digital world. They would be up against cybercriminals President & CEO Iworking across borders who use sophisticated obfuscation and stealth techniques. That would make their endeavor to Jay Bavisi collect artefacts and first-hand evidence so much more difficult! As personal computers became popular in the 1980s, criminals started using PCs for crime. Records of their nefarious Editorial Management activities were stored on hard disks and floppy disks. Tech-savvy criminals used computers to perform forgery, money Editor-in-Chief Senior Vice President laundering, or data theft. Computer Forensics Science emerged as a practice to investigate and extract evidence from Brian Pereira* Karan Henrik personal computers and associated media like floppy disk, hard disk, and CD-ROM. This digital evidence could be used [email protected] [email protected] in court to support cases.
    [Show full text]
  • Operating System Security – a Short Note
    Operating System Security – A Short Note 1,2Mr. Kunal Abhishek, 2Dr. E. George Dharma Prakash Raj 1Society for Electronic Transactions and Security (SETS), Chennai 2Bharathidasan University, Trichy [email protected], [email protected] 1. Introduction An Operating System (OS) is viewed as a Reference Monitor (RM) or a Reference Validation Mechanism (RVM) that provides basic level security. In [1], Anderson reported three design requirements for a Reference Monitor or Operating System. He suggested that an OS or RM should be tamper proof that means OS programs are not alterable, OS should always be invoked and OS must be small enough for analysis and testing purposes so that completeness of which can be assured. These OS design requirements became the deriving principle of OS development. A wide range of operating systems follow Anderson’s design principles in modern time. It was also observed in [2] that most of the attacks are imposed either on OS itself or on the programs running on the OS. The attacks on OS can be mitigated through formal verification to a great extent which prove the properties of OS code on various criteria like safeness, reliability, validity and completeness etc. Also, formal verification of OS is an intricate task which is feasible only when RVM or RM is small enough for analysis and testing within a reasonable time frame. Other way of attacking an OS is to attack the programs like device drivers running on top of it and subsequently inject malware through these programs interfacing with the OS. Thus, a malware can be injected in to the sensitive kernel code to make OS malfunction.
    [Show full text]
  • November 1981
    ... - ~.~ AMERICAN VIOLA SOCIETY American Chapter of the INTERNATIONALE VIOLA FORSCHUNGSGESELLSCHAFr November NKtNSLETTEFt 21 19t5l A MESSAGE -.FftOK OUR- NEW- PRESIDENT-_.-_-- A Tribute to Myron ftoaenblulD I want to thank the members of the American Viola Society for trle honor you have beatowed on me in the recent electiona. I am indeed grateful, but alac awed by the responsibility of being the prei1dent of the American Viola Society. It wll1~be very difficult to fill the ahoes of Myron Roaenblum, the founder of our Society. Durin! hi. tenure as prealdemt, the society member­ ah1p has grown to over 38' memberlil. For many yearl, Myron was the preslden.t, secretary, treasurer, and edltorof the Newsletter of our organization. In addition, his home was stored with booka, music, and recordinga w·hich were ma.de available to members of the Society at reduced ratel. Mra. Pto8enblum ahould a1ao receive due credit for a811atanoe and interest in this project, which did not include any monetary profit. The New.letter, which Myron hal ed1ted, hag been a. source of information 1n all ares.& perralnin~ to the viola. ",:tTe all regret that this will be the la&t Newiletter written by Myron. He will continue, however, to contribute articles and act a8 .n advlaer for future issues. The recently ratified iy-La.wl of the American Viola Society provide that the immediate Past-Prealdent will contluue to serve aa an officer. Thil 1. indeed fortunate for the new president. I aha.II rely on Myren for advice and aaalatance during the next two yeara, whenever new problema confront the Society.
    [Show full text]
  • Advanced Development of Certified OS Kernels Prof
    Advanced Development of Certified OS Kernels Zhong Shao (PI) and Bryan Ford (Co-PI) Department of Computer Science Yale University P.O.Box 208285 New Haven, CT 06520-8285, USA {zhong.shao,bryan.ford}yale.edu July 15, 2010 1 Innovative Claims Operating System (OS) kernels form the bedrock of all system software—they can have the greatest impact on the resilience, extensibility, and security of today’s computing hosts. A single kernel bug can easily wreck the entire system’s integrity and protection. We propose to apply new advances in certified software [86] to the development of a novel OS kernel. Our certified kernel will offer safe and application-specific extensibility [8], provable security properties with information flow control, and accountability and recovery from hardware or application failures. Our certified kernel builds on proof-carrying code concepts [74], where a binary executable includes a rigorous machine-checkable proof that the software is free of bugs with respect to spe- cific requirements. Unlike traditional verification systems, our certified software approach uses an expressive general-purpose meta-logic and machine-checkable proofs to support modular reason- ing about sophisticated invariants. The rich meta-logic enables us to verify all kinds of low-level assembly and C code [10,28,31,44,68,77,98] and to establish dependability claims ranging from simple safety properties to advanced security, correctness, and liveness properties. We advocate a modular certification framework for kernel components, which mirrors and enhances the modularity of the kernel itself. Using this framework, we aim to create not just a “one-off” lump of verified kernel code, but a statically and dynamically extensible kernel that can be incrementally built and extended with individual certified modules, each of which will provably preserve the kernel’s overall safety and security properties.
    [Show full text]
  • And Big Companies
    The Pmarca Blog Archives (select posts from 2007-2009) Marc Andreessen copyright: Andreessen Horowitz cover design: Jessica Hagy produced using: Pressbooks Contents THE PMARCA GUIDE TO STARTUPS Part 1: Why not to do a startup 2 Part 2: When the VCs say "no" 10 Part 3: "But I don't know any VCs!" 18 Part 4: The only thing that matters 25 Part 5: The Moby Dick theory of big companies 33 Part 6: How much funding is too little? Too much? 41 Part 7: Why a startup's initial business plan doesn't 49 matter that much THE PMARCA GUIDE TO HIRING Part 8: Hiring, managing, promoting, and Dring 54 executives Part 9: How to hire a professional CEO 68 How to hire the best people you've ever worked 69 with THE PMARCA GUIDE TO BIG COMPANIES Part 1: Turnaround! 82 Part 2: Retaining great people 86 THE PMARCA GUIDE TO CAREER, PRODUCTIVITY, AND SOME OTHER THINGS Introduction 97 Part 1: Opportunity 99 Part 2: Skills and education 107 Part 3: Where to go and why 120 The Pmarca Guide to Personal Productivity 127 PSYCHOLOGY AND ENTREPRENEURSHIP The Psychology of Entrepreneurial Misjudgment: 142 Biases 1-6 Age and the Entrepreneur: Some data 154 Luck and the entrepreneur: The four kinds of luck 162 Serial Entrepreneurs 168 THE BACK PAGES Top 10 science Dction novelists of the '00s ... so far 173 (June 2007) Bubbles on the brain (October 2009) 180 OK, you're right, it IS a bubble (October 2009) 186 The Pmarca Guide to Startups Part 1: Why not to do a startup In this series of posts I will walk through some of my accumu- lated knowledge and experience in building high-tech startups.
    [Show full text]
  • A Survey of Security Research for Operating Systems∗
    A Survey of Security Research for Operating Systems∗ Masaki HASHIMOTOy Abstract In recent years, information systems have become the social infrastructure, so that their security must be improved urgently. In this paper, the results of the sur- vey of virtualization technologies, operating system verification technologies, and access control technologies are introduced, in association with the design require- ments of the reference monitor introduced in the Anderson report. Furthermore, the prospects and challenges for each of technologies are shown. 1 Introduction In recent years, information systems have become the social infrastructure, so that improving their security has been an important issue to the public. Besides each of security incidents has much more impact on our social life than before, the number of security incident is increasing every year because of the complexity of information systems for their wide application and the explosive growth of the number of nodes connected to the Internet. Since it is necessary for enhancing information security to take drastic measures con- cerning technologies, managements, legislations, and ethics, large numbers of researches are conducted throughout the world. Especially focusing on technologies, a wide variety of researches is carried out for cryptography, intrusion detection, authentication, foren- sics, and so forth, on the assumption that their working basis is safe and sound. The basis is what is called an operating system in brief and various security enhancements running on it are completely useless if it is vulnerable and unsafe. Additionally, if the operating system is safe, it is an urgent issue what type of security enhancements should be provided from it to upper layers.
    [Show full text]
  • Using Formal Methods to Enable More Secure Vehicles: DARPA's HACMS Program
    Using Formal Methods to Enable More Secure Vehicles: DARPA's HACMS Program Kathleen Fisher Tufts University 16 April 2015 (Slides based on original DARPA HACMS slides) Pervasive Vulnerability to Cyber Attack SCADA Systems Medical Devices Vehicles Computer Peripherals Appliances Communication Devices 2 Modern Automobile: Many Remote Attack Vectors Mechanic Short-range wireless Long-range wireless © WiFi Alliance Source: Source: www.diytrade.com Source: CanOBD2 www.theunlockr.com © Bluetooth SIG, Inc. Source: www.custom-build- computers.com Source: American Car Company Source: christinayy.blogspot.com Source: www.wikipedia.org Source: www.zedomax.com Source: Koscher, K., et al. Entertainment “Experimental Security Analysis of a Modern Automobile” 3 Securing Cyber-Physical Systems: State of the Art Control Systems Cyber Systems • Air gaps & obscurity • Anti-virus scanning, intrusion detection systems, patching infrastructure Forget the myth of the air gap – the control system that is completely isolated is history. • This approach cannot solve the problem. -- Stefan Woronka, 2011 Siemens Director of Industrial Security Services • Not convergent with the threat • Focused on known vulnerabilities; can miss • Trying to adopt cyber approaches, but zero-day exploits technology is not a good fit: • Can introduce newUNCLASSIFIED vulnerabilities and • Resource constraints, real-time deadlines Additional security layers often create vulnerabilities… privilege escalation opportunities • Extreme cost pressures October 2010 Vulnerability Watchlist Vulnerability
    [Show full text]
  • June 28, 2019, NIH Record, Vol. LXXI, No. 13
    June 28, 2019 Vol . LXXI, No . 13 of the Center for Genomic Medicine at Massachusetts General Hospital, director of the Cardiovascular Disease Initiative at the Broad Institute and professor of ‘SMOOTHIE, NOT FRUIT SALAD’ medicine at Harvard Medical School—at Role of Genes, Lifestyle least until he gives all these up to become CEO of a company called Verve in mid-July— Explored in Heart Attack described new avenues of preventing BY RICH MCMANUS coronary artery disease, the leading global What if you knew you could spare yourself cause of mortality. and your loved ones the devastation of heart It has long been known that heart attacks attack—especially while you are still young— run in families and that the younger the by paying attention to data you could have victim is, the more likely he or she drew discovered at birth? an unfortunate inheritance. There are Owing largely to the massive amounts three main paths to one’s genetic risk of of data from large-scale genome-wide myocardial infarction (MI), said Kathiresan: association studies funded by NIH and new the monogenic model (4 genes stand out, population-based biorepositories such as especially FH, among a survey of many Dr . Sekar Kathiresan the UK Biobank, scientists can now tease thousands, as conferring a 2- to 5-fold risk of out the respective contributions of genetic MI); the polygenic model (common variant predisposition and environmental exposure In a Wednesday Afternoon Lecture on association studies have linked some 95 to the development of diseases, including May 22 titled “Genes, lifestyle and risk for genetic loci to coronary risk.
    [Show full text]
  • Part II: Company Profiles
    Leading in Local | From National to Local: Mobile Advertising Zeros In| Part II, Company Profiles Leading in Local From National to Local: Mobile Advertising Zeros In Part II: Company Profiles February 2013 © Copyright February 2013, All Rights Reserved, BIA/Kelsey Copyright © BIA/Kelsey 2013 i Leading in Local | From National to Local: Mobile Advertising Zeros In| Part II, Company Profiles Contents Summary .......................................................................................................................... 1 Duda Mobile ...................................................................................................................... 2 Facebook .......................................................................................................................... 3 Google .............................................................................................................................. 4 Marchex ............................................................................................................................ 5 Millennial Media ................................................................................................................. 6 Telenav ............................................................................................................................. 7 Telmetrics ......................................................................................................................... 8 Verve Mobile.....................................................................................................................
    [Show full text]