'Fabric' Would Tighten the Weave of Online Security
Cornell Chronicle (09/30/10) Bill Steele
Cornell University professors Fred Schneider and Andrew Myers are developing a way to incorporate security in the programming language used to write computer programs, so that the systems are protected from the beginning. Until now, computer security has been reactive, Schneider says. "Our defenses improve only after they have been successfully penetrated," he says. Schneider and Myers developed Fabric, a computer platform that replaces multiple existing layers with a simpler programming interface that makes security reasoning more direct. Fabric is designed to create secure systems for distributed computing, such as systems that move money around or control medical records. Fabric's programming language, which is based on Java, builds in security as the program is written. Myers says most of what Fabric does is transparent to the programmer. "I think we can make life simpler and improve performance," he says.
Thursday, September 30, 2010
Bloag: 'Fabric' Would Tighten the Weave of Online Security [...a way to incorporate security in the programming language used to write computer programs]
Blog: Multicore May Not Be So Scary [dealing with the issue: ...at a certain point, adding more cores slowed the system down instead of speeding it up.]
Multicore May Not Be So Scary
MIT News (09/30/10) Larry Hardesty
Massachusetts Institute of Technology (MIT) researchers built a system consisting of eight six-core chips that can simulate the performance of a 48-core chip, as a way to test if adding more cores continues to boost computing performance. The researchers tested several applications on their model, activating the 48 cores one by one and observing the results. The researchers found that at a certain point, adding more cores slowed the system down instead of speeding it up. However, slightly rewriting the Linux code so that each core kept a local count greatly improved the system's overall performance. "There's a bunch of interesting research to be done on building better tools to help programmers pinpoint where the problem is," says MIT professor Frans Kaashoek. "The big question in the community is, as the number of cores on a processor goes up, will we have to completely rethink how we build operating systems," says University of Wisconsin professor Remzi Arpaci-Dusseau.
Wednesday, September 29, 2010
Blog: MIT Researchers Tout Network Intrusion Recovery System [ ...makes repairs by selectively undoing the offending actions]
MIT Researchers Tout Network Intrusion Recovery System
Network World (09/29/10) Michael Cooney
Massachusetts Institute of Technology researchers are developing RETRO, a system designed to make it easier for organizations to recover from security breaches. RETRO lets administrators specify offending actions that they want to undo and makes repairs by selectively undoing the offending actions. "Since many adversaries go to great lengths to prevent the compromise from being discovered, it can take days or weeks for a user to discover that their machine has been broken into, resulting in a loss of all user work from that period of time," the researchers say. RETRO uses the action history graph to undo an unwanted action and its indirect effects by rolling back the direct effects. "An important assumption of RETRO is that the attacker does not compromise the kernel," the researchers note. However, security vulnerabilities are occasionally found in the kernel. To get around that problem, the researchers say one solution could be to use virtual machine-based techniques, which they plan to explore in the future.
Monday, September 27, 2010
Blog: Flying Robot Swarm Takes Off
Flying Robot Swarm Takes Off
Wired News (09/27/10) Olivia Solon
The Ecole Polytechnic Federale de Lausanne is experimenting with flying robots that would create a communications network for rescuers in disaster areas. Researchers involved in the Swarming Micro Air Vehicle Network project have equipped 10 flying robots with autopilot capabilities to control altitude, airspeed, and turn rate, and have designed a microcontroller that uses three sensors--a gyroscope and two pressure sensors. The robots have a global positioning system module for logging flight journeys, and the swarm controllers running Linux are connected to an off-the-shelf USB Wi-Fi dongle. Army ants serve as the inspiration for the way the flying robots lay and maintain communications pathways between a base node and users in the environment. Deployed as node micro air vehicles (MAVs), the flying robots spread out to create a grid for depositing and detecting virtual pheromone through local communication. And as ant MAVs, the robots travel along this grid until they reach an unoccupied position, which then becomes a node MAV, to extend the grid until there is a connection with the target user in the environment.
Blog: First Improvement of Fundamental Algorithm in 10 Years
First Improvement of Fundamental Algorithm in 10 Years
MIT News (09/27/10) Larry Hardesty
Massachusetts Institute of Technology (MIT) researchers, in collaboration with colleagues at Yale University and the University of Southern California, have demonstrated the first improvement to the maximum-flow (max flow) algorithm in 10 years. The max flow problem calculates the maximum amount of data that can move from one end of a network to another, considering the capacity limitations of the network's links. The researchers' new approach represents a network's graph as a matrix. Each node in the graph is assigned one row and one column of the matrix, with the intersections representing the amount of data that may be transferred between two nodes. The researchers can evaluate the whole graph at once by repeatedly modifying the numbers in the matrix and resolving the equations. "My guess is that this particular framework is going to be applicable to a wide range of other problems," says Cornell University professor John Hopcroft, co-recipient of the 1986 A.M. Turing Award. "When there's a breakthrough of that nature, usually, then, a subdiscipline forms, and in four or five years, a number of results come out."
Saturday, September 25, 2010
Blog: Cyber Attacks Test Pentagon, Allies and Foes
Cyber Attacks Test Pentagon, Allies and Foes
Wall Street Journal (09/25/10) Siobhan Gorman ; Stephen Fidler
Adversarial nations worldwide have adopted cyberespionage and cyberattacks as staples of modern warfare, and U.S. defense officials estimate that more than 100 countries are currently attempting to penetrate U.S. networks, with the greatest concentration of attacks based in China and Russia. Although the Pentagon's Cyber Command is slated to be fully operational in October, cybersecurity experts warn that much of the rest of the U.S. government has fallen behind as it argues over the duties of different agencies. One source reports that NATO's systems are behind those of the United States in terms of cyberdefense, noting that NATO delayed installing many of the basic network security patches because it had decided some of its computers were too critical to ever deactivate. Meanwhile, many nations have developed cyberoffensive capabilities that can repeatedly breach and lay waste to computer networks, according to cybersecurity specialists. The expansion of the threat of cyberattacks is spurring calls for an international accord to limit them. The International Institute of Strategic Studies' Nigel Inkster says that such a pact needs to establish thresholds beyond which a cyberattack would be designated an act of aggression.
Friday, September 24, 2010
Blog: Automated Biometric Recognition Technologies 'Inherently Fallible,' Better Science Base Needed
Automated Biometric Recognition Technologies 'Inherently Fallible,' Better Science Base Needed
National Academy of Sciences (09/24/10) Molly Galvin ; Christopher White
A National Research Council (NRC) study found that biometric systems designed to automatically recognize individuals based on biological and behavioral traits are inherently fallible, and no single trait was found to be stable and distinctive across all groups. "For nearly 50 years, the promise of biometrics has outpaced the application of the technology," says Hewlett-Packard technologist Joseph N. Pato. "While some biometric systems can be effective for specific tasks, they are not nearly as infallible as their depiction in popular culture might suggest." Biometric systems provide "probabilistic results," meaning that confidence in results must be tempered by an understanding of the inherent uncertainty in any given system, according to the NRC report. The report identifies several features a biometric system should have, including the ability to anticipate and plan for errors, and calls for additional research to strengthen biometric science and improve its effectiveness.
Thursday, September 23, 2010
Blog: Stuxnet Worm Causes Worldwide Alarm
Stuxnet Worm Causes Worldwide Alarm
Financial Times (09/23/10) Joseph Menn ; Mary Watkins
The Stuxnet computer worm has triggered global anxiety by infiltrating an unknown number of industrial controls. The malware can secretly give false instructions to industrial machines and false readings to operators, and it is uncertain whether it can be effectively removed. Stuxnet is a validation of warnings by private experts and some former government officials that the electrical grid and other critical industries are susceptible to malevolent hacking, and that a new epoch of computerized attacks has commenced. Previous cyberattacks have focused on inhibiting communications in countries such as Georgia or Estonia, but Stuxnet is the first piece of malicious software with a physically destructive purpose. Experts suggest that Stuxnet is most likely affiliated with a national government and may be a tool for terrorism, ideological motivation, or even extortion. Fighting the worm is difficult due to poor communication between industry officials and computer experts. The malware would be especially threatening if its target is the electrical grid or nuclear power, as countries have invested in smart grid infrastructure designed to interweave more industrial operations with the Internet.
Tuesday, September 21, 2010
Blog: New Research Improves Ability to Detect Malware in Cloud-Computing Systems
New Research Improves Ability to Detect Malware in Cloud-Computing Systems
NCSU News (09/21/10) Matt Shipman
North Carolina State University (NCSU) researchers have developed HyperSentry, software that offers enhanced security for cloud computing systems. The researchers say HyperSentry is better at detecting viruses and other malware in the "hypervisors" that are crucial to cloud computing. Hypervisors programs create the virtual workspace that enables different systems to run in isolation from each other. HyperSentry enables cloud administrators to measure the integrity of hypervisors in run time. "The concern is that an attacker could compromise a hypervisor, giving them control of the cloud," says NCSU professor Peng Ning. As soon as an infected hypervisor is detected, a cloud administrator can take action, such as shutting down the computer, performing additional investigations to identify the scope of the problem, and limiting how far the damage can spread. "HyperSentry solves two problems," Ning says. "It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor."
Monday, September 20, 2010
Blog: Convert XP into a Windows 7 Virtual Machine with Disk2vhd
| Greg Shultz shows you how to use Disk2vhd to move your Windows XP installation into Windows 7 and then run it with Windows Virtual PC. | |
Saturday, September 18, 2010
Blog: NIST Is Nearly Ready to Pick the Next Hash Algorithm
NIST Is Nearly Ready to Pick the Next Hash Algorithm
Government Computer News (08/18/10) Jackson, William
Developers of the 14 semifinalist algorithms for the new SHA-3 Secure Hash Algorithm standard will defend their work at the second U.S. National Institute of Standards and Technology (NIST) candidate conference. The final selection for a new standard hashing algorithm for the federal government is expected by early 2012, says NIST's Bill Burr. "All in all we've got quite a bit of performance data," Burr says. "At this point, we have a surprising amount of data on hardware implementation on all 14 candidates." SHA-3 will augment the algorithms specified in Federal Information Processing Standard 180-2, which includes SHA-1 as well as SHA-224, SHA-256, SHA-384, and SHA-512, collectively known as SHA-2. The conference will give the entrants an opportunity to address the results of the analysis and testing over the past year. The field of 14 will eventually be narrowed down to a final five algorithms, which will be analyzed and tested again before the final choice is made in the winter of 2012.
Blog: A Q&A With a PARC Pioneer Reflecting on 'The Office of the Future' 40 Years Later
A Q&A With a PARC Pioneer Reflecting on 'The Office of the Future' 40 Years Later
Scientific American (09/18/10) Larry Greenemeier
The way we work and live has been transformed by innovations pioneered by a cadre of researchers put together at Silicon Valley's Xerox Palo Alto Research Center (PARC) four decades ago to create "the office of the future." One of those researchers was PARC research fellow David Biegelsen, who has been at the research lab from the beginning. Although PARC invented such modern-day conveniences as the personal computer, laser printing, and the graphical user interface, it was less motivated and thus less successful in commercializing its own technology. Biegelsen considers the Alto, the first truly modern PC, to be PARC's greatest societal contribution, because it marked the beginning of personal computing. "More important than the physical platform was allowing the interpersonal collaborations to occur that led to new tools," he says. Biegelsen acknowledges that PARC's failure to capitalize on many of its inventions owed a lot to the developers' naivete, in that the innovations were very expensive and bringing down costs is no simple matter. He also recalls a certain disconnect in communication between the PARC researchers and the Xerox corporate management in Rochester, N.Y., which he attributes to "different visions for the future and about how to commercialize the things we developed."
Thursday, September 16, 2010
Blog: Magical BEANs: New Nano-Sized Particles Could Provide Mega-Sized Data Storage
Magical BEANs: New Nano-Sized Particles Could Provide Mega-Sized Data Storage
Berkeley Lab News Center (09/16/10) Lynn Yarris
Berkeley Lab researchers have discovered a new class of phase-change materials that could be applied to phase-change random access memory technologies and possibly optical data storage technologies. The binary eutectic-alloy nanostructures (BEANs) are nanocrystal alloys of a metal and semiconductor. The scientists found that embedding germanium tin nanocrystals within amorphous silica produced a bilobed nanostructure that was half crystalline metallic and half crystalline semiconductor. "Rapid cooling following pulsed laser melting stabilizes a metastable, amorphous, compositionally mixed phase state at room temperature, while moderate heating followed by slower cooling returns the nanocrystals to their initial bilobed crystalline state," says Berkeley Lab's Daryl Chrzan. The researchers expect that the two structures' electronic transport and optical properties will differ significantly, and that this difference can be tuned via modifications in composition.
Blog: Optical Chip Enables New Approach to Quantum Computing
Optical Chip Enables New Approach to Quantum Computing
University of Bristol News (09/16/10) Aliya Mughal
An international research team led by University of Bristol scientists has developed a silicon chip for quantum computing that could be used to perform complex calculations. "We believe, using our new technique, a quantum computer could, in less than 10 years, be performing calculations that are outside the capabilities of conventional computers," says Bristol professor Jeremy O'Brien. The technique uses two identical particles of light moving along a network of circuits in the silicon chip to perform an experiment called a quantum walk. "Using a two-photon system, we can perform calculations that are exponentially more complex than before," O'Brien says. The researchers say that a quantum computer based on a multi-photon quantum walk could be used to simulate complex processes such as superconductivity and photosynthesis. "Our technique could improve our understanding of such important processes and help, for example, in the development of more efficient solar cells," O'Brien says. Other applications could include the development of ultra-fast and efficient search engines, designing high-tech materials, and new pharmaceuticals.
Wednesday, September 15, 2010
Blog: Fuzzy Thinking Could Spot Heart Disease Risk
Fuzzy Thinking Could Spot Heart Disease Risk
ScienceDaily (09/16/10)
Anna University's Khanna Nehemiah and colleagues have used fuzzy logic, a neural network computer program, and genetic algorithms to create a medical diagnostic system for predicting the risk of cardiovascular disease in patients. They employed fuzzy logic to teach a neural network to examine patient data and identify correlations that would indicate a person's risk factor. The medical diagnostic system has produced a statistical model that improves on previous efforts and is accurate 90 percent of the time in determining patient risk, according to the researchers. "A clinical-decision support system should consider issues like representation of medical knowledge, decision making in the presence of uncertainty and imprecision, choice and adaptation of a suitable model," according to the researchers. They say the new model addresses all of these points. The fuzzy neural network could be further enhanced by modifying its architecture, and by extracting generic rules to find a more precise risk factor.
Tuesday, September 14, 2010
Blog: Tiny MAVs May Someday Explore and Detect Environmental Hazards
Tiny MAVs May Someday Explore and Detect Environmental Hazards
Air Force Print News (09/14/10) Maria Callier
The next phase of high-performance micro air vehicles (MAVs) for the Air Force could involve insect-sized robots for monitoring and exploring hazardous environments. "We are developing a suite of capabilities which we hope will lead to MAVs that exceed the capabilities of existing small aircraft," says Harvard University researcher Robert Wood. His team is studying how wing design can impact performance for an insect-size, flapping-wing vehicle. The research also will shape the devices' assembly, power supply, and control systems. The team is constructing wings and moving them at high frequencies to recreate trajectories that are similar to an insect's. The researchers are able to measure multiple-force components, and monitor fluid flow around the wings flapping in excess of 100 times per second. The team also is conducting high-speed stereoscopic motion tracking, force measurements, and flow visualization to better understand these systems.
Monday, September 13, 2010
Blog: Adobe Flash Player zero-day under attack
| Adobe Flash Player zero-day under attack By Ryan Naraine September 13, 2010, 3:15pm PDT | |
| The zero-day hacker attacks against Adobe's software products are coming fast and furious. | |
Blog: Electric Skin That Rivals the Real Thing
Electric Skin That Rivals the Real Thing
Technology Review (09/13/10) Katherine Bourzac
Two separate research groups have developed pressure-sensing devices that can match human skin in sensitivity and flexibility. Stanford University researchers created a system based on organic electronics that is 1,000 times more sensitive than human skin. The Stanford system consists of a clear silicon-containing polymer called PDMS. The team designed PDMS with arrays of micropillars that stand up from the touchable surface, which enables the material to flex quickly and return to its original shape. Meanwhile, University of California, Berkeley researchers built low-power tactile sensors based on arrays of inorganic nanowire transistors. The transistors are connected to a layer of conductive rubber made of carbon nanoparticles that can detect changes in the material's electrical resistance. "The nanowires are being used as active electronics to run the tactile sensor on top," says Berkeley professor Ali Javey. The Stanford system requires about 20 volts to operate, while the Berkeley device needs less than five volts. The new electronic-skin devices "are a considerable advance in the state of the art in terms of power consumption and sensitivity," says Trinity College at the University of Dublin professor John Boland.
Friday, September 10, 2010
Blog: Quantum Crypto Products Cracked By Researchers
Quantum Crypto Products Cracked By Researchers
Government Computer News (09/10/10) William Jackson
A European research team has shown that commercial implementations of quantum key distribution (QKD) are subject to eavesdropping with off-the-shelf materials. "Here we demonstrate experimentally that the detectors in two commercially available QKD systems can be fully remote-controlled using specially tailored bright illumination," the researchers write. However, U.S. National Institute of Standards and Technology scientist Xiao Tang disputes their conclusion, saying the attack technique can be prevented. "This type of attack is not new and is based on the idea of the intercept-resend attack," in which the eavesdropper intercepts information and then passes it along to the intended recipient, he says. Although the European researchers demonstrated a practical implementation of the attack, Tang says it can be easily prevented. The European demonstration is not meant to discredit QKD, but to strengthen an emerging technology. "Rather than demonstrating that practical QKD cannot become provably secure, our findings clearly show the necessity of investigating the practical security of QKD," write the researchers.
Blog: DARPA Wants to Create Brainiac Bot Tots
DARPA Wants to Create Brainiac Bot Tots
Wired News (09/10/10) Katie Drummond
The U.S. Defense Advanced Research Projects Agency (DARPA) is funding scientist Shane Mueller's efforts to expand upon the Turing test as part of an attempt to determine the level of artificial intelligence in bot tots. DARPA is interested in developing robots with the capabilities of an average toddler. "There were many motivations for this target, but one central notion is that if one could design a system with the capabilities of a two-year-old, it might be possible to essentially grow a three-year-old, given realistic experiences in a simulated environment," Mueller says. DARPA's goal is for tot bots to become super smart by learning like a human. Mueller uses a testing schema that has categories for visual recognition, search abilities, manual control, knowledge learning, language and concept learning, and simple motor control. The artificial intelligence agents would initially operate much like a toddler, but they would gradually learn from their surroundings and an instructor, and eventually gain advanced cognitive capabilities.
Thursday, September 9, 2010
Blog: Most Influential Tweeters of All
Most Influential Tweeters of All
Northwestern University News Center (IL) (09/09/10) Erin White
Northwestern University researchers have designed a Web site that tracks the top trending topics on Twitter in real time. The Web site--pulseofthetweeters.com--uses an algorithm to rank the most influential people tweeting on trending topics. The researchers say the algorithm combines dynamic data mining, sentiment analysis, and network analysis in real time. In addition to identifying the most influential tweeters, the algorithm can tell users whether the tweets are positive, negative, or neutral. "Discovering patterns, opinions, and sentiments from massive number of tweets is challenging in itself, but discovering influencers and leaders for specific topics is a major technological advance in data mining," says Northwestern professor Alok Choudhary. "The good thing about our system is it's completely automatic, and it needs minimal human supervision," says Northwestern's Ramanathan Narayanan.
Wednesday, September 8, 2010
Blog: Quantum Cryptography Breached With Lasers
Quantum Cryptography Breached With Lasers
InformationWeek (09/08/10) Mathew J. Schwartz
The Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nurnberg, and the Max Planck Institute collaborated to develop a laser-based attack against quantum cryptography systems that allows them to eavesdrop on communications without revealing their presence. The researchers developed a quantum eavesdropping technique that remotely controls the photon detector, which is a key component in most quantum cryptography systems. The researchers believe that cyberattackers could breach security systems with off-the-shelf components, and obtain a perfect copy of the raw key without leaving any trace of their presence. "The security loophole we have exposed is intrinsic to a whole class of single-photon detectors, regardless of their manufacturer and model," says NTNU researcher Vadim Makarov.
Blog: Escher-Like Internet Map Could Speed Online Traffic
Escher-Like Internet Map Could Speed Online Traffic
New Scientist (09/08/10) Jacob Aron
Researchers at the University of Barcelona have developed a map of the Internet that could help eliminate network glitches. Barcelona researcher Marian Boguna fit the entire Internet into a disc using hyperbolic geometry. Each square on the map is a section of the Internet managed by a single body, such as a national government or a service provider. The most well-connected systems are close to the middle, while the least connected are at the edges. The researchers say the new map could provide coordinates for every system on the Internet, which could speed up routing traffic. Although the map shows just the number of connections between each autonomous system, the geography of the hyperbolic Internet map often reflects that of the real world. For example, a number of western European nations are clustered in one sector. The researchers also used simulations to demonstrate that a map of the Internet based on actual geographic relationships between systems trapped much more traffic within the network than the hyperbolic map.
Blog: Preventing Smart-Phone Armageddon
Preventing Smart-Phone Armageddon
Technology Review (09/08/10) Christopher Mims
Attacks against smartphones are likely to proliferate because of their growing ubiquity and the sensitive information they carry. However, researchers at the University of Colorado at Boulder believe they have devised an effective way to vet smartphones for viruses. Smartphones lack the battery life to constantly run onboard virus-scanning software, so Bryan Dixon and Shivakant Mishra have proposed running virus scans on PCs to which the smartphones are frequently linked. A smartphone would be able to transmit hashes of all large files, and a PC would be able to use the information to ascertain which files have changed since the last time the phone was connected. Only those files would be scanned to save time. Although the strategy would not be able to defeat a rootkit, there are ways for determining whether a phone has been compromised in this manner, such as by timing how long the phone takes to respond to specific challenges. Although smartphones are still vulnerable to an attack that would overload the network and make it almost impossible for calls to get through, the required scale and limited reach of smartphone viruses, Trojan horses, and rootkits make such an event unlikely.
Thursday, September 2, 2010
Blog: Scientists View Cybersecurity as an Intimidating Conundrum
Scientists View Cybersecurity as an Intimidating Conundrum
NextGov.com (09/02/10) Aliya Sternstein
The U.S. President's Council of Advisors on Science and Technology (PCAST) recently called on cybersecurity experts to discuss specific areas in the networking and information technology sector that warrant federal government research and development (R&D) funding. Cybersecurity "is the most difficult challenge," says Carnegie Mellon University's Jeannette M. Wing, who previously served as assistant director of the computer and information science and engineering directorate at the U.S. National Science Foundation. "And it's not just a societal and political challenge. It's a technical challenge." PCAST has found that although many advances in networking used to come from the Defense Department, recently innovation is more prevalent in the private sector, and the federal government does not play a huge part in R&D financing. Wing says the federal government needs to build research programs at agencies such as the National Institutes of Health and the Energy Department, which traditionally have not been considered test sites for computing, but now are conducting revolutionary work in the field.