research-article

Open access

Exploiting Mixed Binaries

Authors:

Michalis Papaevripides,

Elias AthanasopoulosAuthors Info & Claims

ACM Transactions on Privacy and Security (TOPS), Volume 24, Issue 2

Article No.: 7, Pages 1 - 29

https://doi.org/10.1145/3418898

Published: 02 January 2021 Publication History

All formats PDF

Abstract

Unsafe programming systems are still very popular, despite the shortcomings due to several published memory-corruption vulnerabilities. Toward defending memory corruption, compilers have started to employ advanced software hardening such as Control-flow Integrity (CFI) and SafeStack. However, there is a broad interest for realizing compilers that impose memory safety with no heavy runtime support (e.g., garbage collection). Representative examples of this category are Rust and Go, which enforce memory safety primarily statically at compile time.

Software hardening and Rust/Go are promising directions for defending memory corruption, albeit combining the two is questionable. In this article, we consider hardened mixed binaries, i.e., machine code that has been produced from different compilers and, in particular, from hardened C/C++ and Rust/Go (e.g., Mozilla Firefox, Dropbox, npm, and Docker). Our analysis is focused on Mozilla Firefox, which outsources significant code to Rust and is open source with known public vulnerabilities (with assigned CVE). Furthermore, we extend our analysis in mixed binaries that leverage Go, and we derive similar results.

The attacks explored in this article do not exploit Rust or Go binaries that depend on some legacy (vulnerable) C/C++ code. In contrast, we explore how Rust/Go compiled code can stand as a vehicle for bypassing hardening in C/C++ code. In particular, we discuss CFI and SafeStack, which are available in the latest Clang. Our assessment concludes that CFI can be completely nullified through Rust or Go code by constructing much simpler attacks than state-of-the-art CFI bypasses.

References

[1]

[n.d.]. American Fuzzy Lop. Retrieved November 2019 from http://lcamtuf.coredump.cx/afl.

[2]

[n.d.]. Clang—Control flow integrity. Retrieved November 2019 from https://clang.llvm.org/docs/ControlFlowIntegrity.html.

[3]

[n.d.]. Clang - safestack. Retrieved November 2019 from https://clang.llvm.org/docs/SafeStack.html.

[4]

[n.d.]. Go Channels. Retrieved May 2020 from https://tour.golang.org/concurrency/2.

[5]

[n.d.]. Go Closures. Retrieved May 2020 from https://tour.golang.org/moretypes/25.

[6]

[n.d.]. Go Goroutines. Retrieved May 2020 from https://tour.golang.org/concurrency/1.

[7]

[n.d.]. Go Interfaces. Retrieved May 2020 from https://tour.golang.org/methods/9.

[8]

[n.d.]. Go-stats. Retrieved May 2020 from https://github.com/segmentio/go-stats.

[9]

[n.d.]. Golang. Retrieved May 2020 from https://golang.org/.

[10]

[n.d.]. Kernel Control Flow Integrity. Retrieved November 2019 from https://source.android.com/devices/tech/debug/kcfi.

[11]

[n.d.]. Mozilla Research—Rust. Retrieved from https://research.mozilla.org/rust/.

[12]

[n.d.]. Rust in Production. Retrieved January 2020 from https://www.rust-lang.org/production.

[13]

[n.d.]. Stack Overflow: Developer Survey Results 2020. Retrieved August 2020 from https://insights.stackoverflow.com/survey/2020.

[14]

2010. Kraken JavaScript Benchmark. Retrieved November 2019 from https://krakenbenchmark.mozilla.org/kraken-1.1/driver.html.

[15]

2014. Memory exploit mitigations #15179. Retrieved from https://github.com/rust-lang/rust/issues/15179.

[16]

2014. RFC: Memory exploit mitigation #145. Retrieved from https://github.com/rust-lang/rfcs/pull/145.

[17]

2014. Sanitize memory and CPU registers for sensitive data #17046. Retrieved from https://github.com/rust-lang/rust/issues/17046.

[18]

2015. Strengths and weaknesses of LLVM’s safestack buffer overflow protection. Retrieved November 2019 from http://blog.includesecurity.com/2015/11/LLVM-SafeStack-buffer-overflowprotection.html.

[19]

2015. Update LLVM and add the safestack attribute to all generated functions. #26612. Retrieved from https://github.com/rust-lang/rust/issues/26612.

[20]

2017. Disarming control flow guard using advanced code reuse attacks. Retrieved March 2019 https://www.endgame.com/blog/technical-blog/disarming-control-flow-guard-using-advanced-code-reuse-attacks.

[21]

2017. Safe Rust code miscompilation due to a bug in LLVM’s Global Value Numbering #45839. Retrieved March 2019 from https://github.com/rust-lang/rust/issues/45839, last accessed in March 2019.

[22]

2018. CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia. Retrieved from https://bugzilla.mozilla.org/show_bug.cgi?id=1462682.

[23]

2018. Enabling Windows exploit mitigations by default in Rust programs? Retrieved March 2019 from https://internals.rust-lang.org/t/enabling-windows-exploit-mitigations-by-default-in-rust-programs/8716.

[24]

2019. As input parameters. Retrieved November 2019 from https://doc.rust-lang.org/rust-by-example/fn/closures/input_parameters.html.

[25]

2019. Closures. Retrieved November 2019 from https://doc.rust-lang.org/rust-by-example/fn/closures.html.

[26]

2019. Community makes Rust an easy choice for npm. Retrieved January 2020 from https://www.rust-lang.org/static/pdfs/Rust-npm-Whitepaper.pdf.

[27]

2019. GDB: The GNU Project Debugger. Retrieved November 2019 from https://www.gnu.org/software/gdb.

[28]

2019. Implications of rewriting a browser component in rust. Retrieved from https://hacks.mozilla.org/2019/02/rewriting-a-browser-component-in-rust/.

[29]

2019. Multiprocess Firefox. Retrieved from https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Multiprocess_Firefox.

[30]

2019. Rust—Foreign function interface. Retrieved November 2019 from https://doc.rust-lang.org/nomicon/ffi.html.

[31]

2019. Rust 2019: Security. Retrieved from https://snf.github.io/2019/01/10/rust-2019-security/.

[32]

2019. The rust programming language. Retrieved November 2019 from https://doc.rust-lang.org/book/.

[33]

Aaron Turon. 2019. Abstraction without overhead: Traits in rust. Retrieved November 2019 from https://blog.rust-lang.org/2015/05/11/traits.html.

[34]

Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’05). 340--353.

Digital Library

[35]

Periklis Akritidis. 2010. Cling: A memory allocator to mitigate dangling pointers. In Proceedings of the USENIX Security Symposium (USENIX SEC’10). 177--192.

Digital Library

[36]

Hussain M. J. Almohri and David Evans. 2018. Fidelius charm: Isolating unsafe rust code. In Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY’18). ACM, New York, NY, 248--255.

Digital Library

[37]

Starr Andersen and Vincent Abella. 2004. Changes to functionality in Microsoft Windows XP Service Pack 2, Part 3: Memory protection technologies, data execution prevention. Microsoft TechNet Library. Retrieved from http://technet.microsoft.com/en-us/library/bb457155.aspx.

[38]

Dennis Andriesse, Xi Chen, Victor van der Veen, Asia Slowinska, and Herbert Bos. 2016. An in-depth analysis of disassembly on full-scale x86/x64 binaries. In Proceedings of the 25th USENIX Security Symposium (USENIX SEC’16).

Digital Library

[39]

Cornelius Aschermann, Tommaso Frassetto, Thorsten Holz, Patrick Jauernig, Ahmad-Reza Sadeghi, and Daniel Teuchert. 2019. NAUTILUS: Fishing for deep bugs with grammars. In Proceedings of the Network and Distributed System Security Symposium (NDSS’19).

[40]

Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with input-to-state correspondence. In Proceedings of the Network and Distributed System Security Symposium (NDSS’19).

[41]

Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis, and Sotiris Ioannidis. 2015. The devil is in the constants: Bypassing defenses in browser JIT engines. In Proceedings of the Network and Distributed System Security Symposium (NDSS’15). The Internet Society.

[42]

Abhiram Balasubramanian, Marek S. Baranowski, Anton Burtsev, Aurojit Panda, Zvonimir Rakamari, and Leonid Ryzhyk. 2017. System programming in rust: Beyond safety. SIGOPS Oper. Syst. Rev. 51, 1 (September 2017), 94--99.

Digital Library

[43]

Emery D. Berger and Benjamin G. Zorn. 2006. DieHard: Probabilistic memory safety for unsafe languages. In Proceedings of the ACM Programming Language Design and Implementation Conference (PLDI’06). 158--168.

Digital Library

[44]

Vincent Blanchon. [n.d.]. Go: Memory Safety with Bounds Check. Retrieved May 2020 from https://medium.com/a-journey-with-go/go-memory-safety-with-bounds-check-1397bef748b5.

[45]

Nicolas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-flow bending: On the effectiveness of control-flow integrity. In Proceedings of the USENIX Security Symposium (USENIX SEC’15). 161--176.

Digital Library

[46]

Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, et al. 1998. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, Vol. 81. 346--355.

Digital Library

[47]

Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, and Fabian Monrose. 2014. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In Proceedings of the USENIX Security Symposium (USENIX SEC’14). 401--416.

Digital Library

[48]

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015. Control jujutsu: On the weaknesses of fine-grained control flow integrity. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS’15). ACM, New York, NY, 901--913.

Digital Library

[49]

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015. Control jujutsu: On the weaknesses of fine-grained control flow integrity. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’15). 901--913.

Digital Library

[50]

Enes Göktaş, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. 2014. Out Of control: Overcoming control-flow integrity. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’14). 575--589.

Digital Library

[51]

Enes Goktas, Angelos Oikonomopoulos, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, and Herbert Bos. 2016. Bypassing clang’s safestack for fun and profit. In Proceedings of the Black Hat Europe Conference (Black Hat Europe’16).

[52]

Istvan Haller, Enes Göktaş, Elias Athanasopoulos, Georgios Portokalidis, and Herbert Bos. 2015. ShrinkWrap: VTable protection without loose ends. In Proceedings of the Annual Computer Security Applications Conference (ACSAC’15). ACM, 341--350.

Digital Library

[53]

Rick Hudson. 2018. Getting to go: The journey of go’s garbage collector. Retrieved May 2020 from https://blog.golang.org/ismmkeynote.

[54]

Dongseok Jang, Zachary Tatlock, and Sorin Lerner. 2014. SafeDispatch: Securing c++ virtual calls from memory corruption attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS’14). The Internet Society.

[55]

Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: Securing the foundations of the rust programming language. Proc. ACM Program. Lang. 2, Article 66 (December 2017), 34 pages.

Digital Library

[56]

Kuznetsov, Volodymyr and Szekeres, László and Payer, Mathias and Candea, George and Sekar, R. and Song, Dawn. 2014. Code-pointer integrity. In Proceedings of the 11th USENIX Conference on Operating Systems Design and Implementation (OSDI’14). USENIX Association, Berkeley, CA, 147--163. http://dl.acm.org/citation.cfm?id=2685048.2685061

Digital Library

[57]

Julian Lettner, Benjamin Kollenda, Andrei Homescu, Per Larsen, Felix Schuster, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, and Michael Franz. 2016. Subversive-C: Abusing and protecting dynamic message dispatch. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC’16). 209--221.

Digital Library

[58]

Giorgi Maisuradze, Michael Backes, and Christian Rossow. 2017. Dachshund: Digging for and securing (non-)blinded constants in JIT code. In Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS’17).

[59]

Nicholas D. Matsakis and Felix S. Klock, II. 2014. The rust language. Ada Lett. 34, 3 (October 2014), 103--104.

Digital Library

[60]

Leo A. Meyerovich and Ariel S. Rabkin. 2013. Empirical analysis of programming language adoption. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages Applications (OOPSLA’13). ACM, New York, NY, 1--18.

Digital Library

[61]

Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. 2018. Understanding the reproducibility of crowd-reported security vulnerabilities. In Proceedings of the 27th USENIX Security Symposium (USENIX Security’18). USENIX Association, Baltimore, MD, 919--936.

Digital Library

[62]

Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2009. SoftBound: Highly compatible and complete spatial memory safety for C. ACM Sigplan Not. 44, 6 (2009), 245--258.

Digital Library

[63]

Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2010. CETS: Compiler-enforced temporal safety for C. In Proceedings of the ACM SIGPLAN International Symposium on Memory Management (ISMM’10). 31--40.

Digital Library

[64]

Gene Novark and Emery D. Berger. 2010. DieHarder: Securing the heap. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’10). 573--584.

Digital Library

[65]

Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida. 2016. Poking holes in information hiding. In Proceedings of the 25th USENIX Security Symposium (USENIX Security’16). USENIX Association, Berkeley CA, 121--138.

Digital Library

[66]

PaX Team. 2003. Address Space Layout Randomization (ASLR). Retrieved from http://pax.grsecurity.net/docs/aslr.txt.

[67]

Mathias Payer. 2012. Too much PIE is bad for performance. Technical Report 766 (2012).

[68]

Eric Christopher Reed. 2015. Patina: A formalization of the rust programming language. Master’s Thesis. University of Washington (2015).

[69]

Robert Rudd, Richard Skowyra, David Bigelow, Veer Dedhia, Thomas Hobson, Stephen Crane, Christopher Liebchen, Per Larsen, Lucas Davi, Michael Franz, Ahmad-Reza Sadeghi, and Hamed Okhravi. 2017. Address oblivious code reuse: On the effectiveness of leakage resilient diversity. In Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS’17).

[70]

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, and Thorsten Holz. 2015. Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in c++ applications. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’15).

Digital Library

[71]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC’12). 309--318.

Digital Library

[72]

Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security. 552--61.

Digital Library

[73]

Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal war in memory. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (S8P’13). IEEE Computer Society, Los Alamitos, CA, 48--62.

Digital Library

[74]

Theofilos Petsios. 2019. Millions of Binaries Later: A Look Into Linux Hardening in the Wild. Retrieved November 2019 from https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/.

[75]

Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing forward-edge control-flow integrity in GCC 8 LLVM. In Proceedings of the USENIX Security Symposium (USENIX SEC’14). 941--955.

Digital Library

[76]

Victor van der Veen, Enes Göktaş, Moritz Contag, Andre Pawloski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida. 2016. A tough call: Mitigating advanced code-reuse attacks at the binary level. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’16). 934--953.

[77]

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, L. Szekeres, S. McCamant, D. Song, and Wei Zou. 2013. Practical control flow integrity 8 randomization for binary executables. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’13). 559--573.

Digital Library

[78]

Mingwei Zhang and R. Sekar. 2013. Control flow integrity for COTS binaries. In Proceedings of the USENIX Security Symposium (USENIX SEC’13). 337--352.

Digital Library

Cited By

Louka ADionysiou AAthanasopoulos E(2024)Validating Memory Safety in Rust BinariesProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652281(8-14)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652281
Liljestrand HEkberg J(2024)A Viewpoint: Harmonizing the Diverse Memory Safety FrontsIEEE Security & Privacy10.1109/MSEC.2024.340278922:4(97-100)Online publication date: Jul-2024
https://doi.org/10.1109/MSEC.2024.3402789
Du YAlrawi OSnow KAntonakakis MMonrose FMeng WJensen CCremers CKirda E(2023)Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-LevelProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623098(2695-2709)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623098
Show More Cited By

Index Terms

Exploiting Mixed Binaries
1. Security and privacy
  1. Software and application security
    1. Software security engineering
  2. Systems security
    1. Browser security

Recommendations

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications
SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. A variety of corresponding defenses has been proposed, of which some have already been ...
Validating Memory Safety in Rust Binaries
EuroSec '24: Proceedings of the 17th European Workshop on Systems Security

Without depending on heavy runtime support, Rust can realize fast machine code that mitigates most of the common attacks associated with memory-corruption and can appear in all unsafe machine code developed using C/C++. Most of the work for producing ...
LMP: light-weighted memory protection with hardware assistance
ACSAC '16: Proceedings of the 32nd Annual Conference on Computer Security Applications

Despite a long history and numerous proposed defenses, memory corruption attacks are still viable. A secure and low-overhead defense against return-oriented programming (ROP) continues to elude the security community. Currently proposed solutions still ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Privacy and Security

ACM Transactions on Privacy and Security Volume 24, Issue 2

May 2021

242 pages

ISSN:2471-2566

EISSN:2471-2574

DOI:10.1145/3446639

Editor:
Ninghui Li
Purdue University, USA

Issue’s Table of Contents

Copyright © 2021 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 January 2021

Accepted: 01 August 2020

Revised: 01 June 2020

Received: 01 January 2020

Published in TOPS Volume 24, Issue 2

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

European Union's Horizon 2020 research and innovation programme
RESTART programmes of the research, technological development and innovation of the Research Promotion Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
3,426
Total Downloads

Downloads (Last 12 months)842
Downloads (Last 6 weeks)41

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Louka ADionysiou AAthanasopoulos E(2024)Validating Memory Safety in Rust BinariesProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652281(8-14)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652281
Liljestrand HEkberg J(2024)A Viewpoint: Harmonizing the Diverse Memory Safety FrontsIEEE Security & Privacy10.1109/MSEC.2024.340278922:4(97-100)Online publication date: Jul-2024
https://doi.org/10.1109/MSEC.2024.3402789
Du YAlrawi OSnow KAntonakakis MMonrose FMeng WJensen CCremers CKirda E(2023)Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-LevelProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623098(2695-2709)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623098
Sorniotti AWeissbacher MKurmus A(2023)Go or No Go: Differential Fuzzing of Native and C Libraries2023 IEEE Security and Privacy Workshops (SPW)10.1109/SPW59333.2023.00036(349-363)Online publication date: May-2023
https://doi.org/10.1109/SPW59333.2023.00036
van Oorschot P(2023)Memory Errors and Memory Safety: A Look at Java and RustIEEE Security and Privacy10.1109/MSEC.2023.324971921:3(62-68)Online publication date: 1-May-2023
https://dl.acm.org/doi/10.1109/MSEC.2023.3249719
Huang YWang ZOu HChi Y(2022)Fuzzing-Based Office Software Vulnerability Mining on Android PlatformProceeding of 2021 International Conference on Wireless Communications, Networking and Applications10.1007/978-981-19-2456-9_114(1141-1149)Online publication date: 13-Jul-2022
https://doi.org/10.1007/978-981-19-2456-9_114

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents