Feds Developing Cloud Security Program
InformationWeek (03/31/10) Hoover, J. Nicholas
A U.S. federal interagency working group is developing a unified, governmentwide risk-management program that could greatly decrease the amount of security work agencies must do to access cloud services. The proposed new effort, called the Federal Risk and Authorization Management Program Pilot (FedRAMP), would give agencies a centralized approach to solving security problems such as certification and accreditation. FedRAMP will develop common security requirements for certain systems, provide ongoing risk assessments, and carry out governmentwide security authorizations. Agencies also will be able to see what security controls have been conducted for different products and services. The program would make certification and accreditation processes simpler because they would only need to be carried out once per cloud service, and agencies could share security management services. Initially, the program would focus on public and private cloud computing technologies, but could eventually expand to cover traditional Web hosting and other domains.
Wednesday, March 31, 2010
Blog: Feds Developing Cloud Security Program
Tuesday, March 30, 2010
Blog: A Grand Unified Theory of AI
A Grand Unified Theory of AI
MIT News (03/30/10) Hardesty, Larry
Massachusetts Institute of Technology (MIT) research scientist Noah Goodman has developed Church, a programming language that combines a rules-based artificial intelligence (AI) system with probabilistic inference systems. "What's brilliant about this is that it allows you to build a cognitive model in a fantastically much more straightforward and transparent way than you could do before," says University College London professor Nick Chater. In testing, the Church program behaved almost exactly like a human subject and did a significantly better job of modeling human thought than traditional AI algorithms. Although Chater says Church is currently too computationally intensive for use in general-purpose mind simulators, he says getting the system to run is a significant achievement.
Wednesday, March 10, 2010
Blog: Conquering the Chaos in Modern, Multiprocessor Computers
Conquering the Chaos in Modern, Multiprocessor Computers
University of Washington News and Information (03/10/10) Hickey, Hannah
University of Washington (UW) researchers have devised a method for coaxing predictable behavior out of modern, multiprocessor computers by automatically parceling sets of commands and assigning them to specific sites. The program runs faster than it would on a single processor, due to the concurrent calculation of the command sets. "We've developed a basic technique that could be used in a range of systems, from cell phones to data centers," says UW professor Luis Ceze. "Ultimately, I want to make it really easy for people to design high-performing, low-energy and secure systems." One application of the system can aid the proper testing of programs by making errors reproducible. A software-based version of this system, which could be used on existing machines, was presented this week by UW graduate student Tom Bergan at ACM's International Conference on Architectural Support for Programming Languages and Operating Systems.
Tuesday, March 9, 2010
Blog: Mapping the Malicious Web
Mapping the Malicious Web
Technology Review (03/09/10) Lemos, Robert
Websense researchers have developed FireShark, software that automatically monitors malicious activity on Web sites. Websense researcher Stephan Chenette says the experimental system scans the Web, identifies the source of embedded content in Web pages, and determines whether any code on a site is acting maliciously. FireShark then creates a map of interconnected Web sites and looks for potentially malicious content. FireShark, which maps nearly one million Web sites and servers per day, decodes the HTML, Javascript, and other code embedded in each Web site, looking for the ultimate source of content. "When you graph multiple sites, you can see their communities of content," Chenette says. Websense researchers plan to release a plug-in for Firefox that will reveal the content hubs that a site is linked to.
Wednesday, March 3, 2010
Blog: GE Qualibria brings decision support to patient bedside
| That's what GE Healthcare is trying to do with its new "clinical knowledge platform," dubbed Qualibria. Qualibria was introduced at a small press breakfast during the HIMSS trade show. The development partner was Intermountain Healthcare, a Salt Lake City, Utah company that both offers health care plans and runs hospitals. This gives it an incentive to do cost effective care. A recent Dartmouth study said $40 billion could be saved a year by moving to the procedures Intermountain practices. Those procedures, along with coding, research and decision support tools, are now at the patient's bedside with Qualibria, which is "EMR agnostic" and so can ride above the systems hospitals have already installed. "The secret sauce is not only the clinical quality of Intermountain but the presentation of that knowledge," said Dr. Graham Hughes, chief medical officer for GE's Healthcare's Enterprise IT Systems division. |
Blog: Researchers Find Weakness in Common Digital Security System
Researchers Find Weakness in Common Digital Security System
University of Michigan News Service (03/03/10) Moore, Nicole Casal
University of Michigan (UM) researchers have found weaknesses in the RSA authentication encryption method, which is used to protect both media copyright and Internet communications. The scientists discovered they could breach the system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communications. Private keys contain more than 1,000 digits of binary code and would take longer than the age of the universe to guess, says UM doctoral student Andrea Pellegrini. However, using the voltage disrupting method, the UM researchers were able to obtain the private key in about 100 hours. Changing the electric current confuses the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. After enough faults were created, the researchers were able to reconstruct the key offline without damaging the device.
Monday, March 1, 2010
Blog: The Power of Plant Clock Computing
The Power of Plant Clock Computing
Technology Review (03/01/10)
Research into the use of process algebra to model the circadian rhythm in plants might yield computing efficiency that is several orders of magnitude greater than that of silicon-based computation. Conventional computational techniques are ill-suited for modeling a plant's biological processes because the processes do not involve independent sequential steps. However, University of Edinburgh researcher Ozgur Akman and colleagues used Bio-PEPA process algebra to simulate the circadian rhythm of the green alga Ostreococcus tauri. Bio-PEPA was used to produce a model of the various feedback loops in the alga's clock, and to investigate the clock's reaction to factors such as shifts in light patterns and genetic mutations. The plant clock model has been used to make some projections about the behavior of actual Ostreococcus populations. Process algebra features a property that is frequently neglected--the fact that it is not equivalent to a standard sequential Turing machine.