Welcome to the September 22, 2010 edition of ACM TechNews, providing timely information for IT professionals three times a week.
HEADLINES AT A GLANCE
Europe Calls for Global Internet Treaty
Computer Weekly (09/17/10) Mark Ballard
The Council of Europe has proposed a global Internet Treaty designed to protect the Internet from political interference. The treaty operates on 12 Principles of Internet Governance, including openness and interoperability and network neutrality. "The fundamental functions and the core principles of the Internet must be preserved in all layers of the Internet architecture with a view to guaranteeing the interoperability of networks in terms of infrastructures, services, and contents," according to the draft treaty. Also proposed as a principle of net neutrality was that the Internet leaves any information processing to the end points of the network and does not interfere with traffic that passes across it. The proposed accord also would require international collaboration to protect Internet infrastructure as well as the multi-stakeholder system of governance. Under the treaty, the system of governance overseen by ICANN would adhere to international human rights law and would uphold certain rights, including freedom of expression, association, and human dignity. The treaty also would establish a principle of cross-border cooperation in the identification and neutralization of security weaknesses.
Code That Tracks Users' Browsing Prompts Lawsuits
New York Times (09/20/10) Tanzina Vega
The latest threat to user privacy on the Internet is code placed on hard drives by Adobe's Flash program when users watch Web videos. Privacy advocates says that Flash cookies allow companies to create detailed profiles of consumers without their knowledge. Unlike HTML cookies, Flash cookies are stored in a separate directory that many users are unaware of and may not know how to control. The growing use of Flash cookies has prompted several lawsuits. "What these cases are about is the right of a computer user to dictate the terms by which their personal information is harvested and shared," says attorney Scott A. Kamber. Privacy advocates claim that if enough data is collected over time, advertisers can create detailed profiles of users, including personal data such as race and age. Complaints about online privacy are now moving to mobile devices. A recent lawsuit filed by three California residents against a technology company claims the company used a product called Media Stamp to acquired information about their phone and assigned a unique ID to their mobile device. Rep. Bobby L. Rush (D-Ill.) recently introduced an online privacy bill that would require companies to disclose how they collect personal information on users and to make those disclosures easy to understand.
Island Dreams to Become Virtual Reality
ICT Results (09/22/10)
A new European research project is developing three-dimensional (3D) versions of Mediterranean islands that will be updated automatically with current information from public and private databases. MedIsolae-3D will enable users to virtually "fly over" Mediterranean islands and swoop down on areas of interest. The project combines software designed for aircraft landing simulations with orthophotography and satellite images of the islands, in addition to public data such as digital terrain models, maps, and tourist services. The researchers plan to make MedIsolae-3D available to users worldwide by integrating it with Web-based geoplatforms such as Google Earth, ESRI ArcGlobe, and MS Virtual Earth. The researchers also plan to deliver MedIsolae-3D to the island territories of Greece, Cyprus, France, Italy, Malta, and Spain. The program builds on the recent development of Inspire, a standardized spatial data infrastructure for Europe, which will enable the integration of spatial information across Europe.
Untagged: Software Recognizes Animals It's Seen Before
New Scientist (09/20/10) Helen Knight
Researchers at Centrum Wiskunde & Informatica (CWI), a Dutch center for mathematics and computing, have developed an algorithm that can identify individual leatherback sea turtles from digital images of their markings. The algorithm looks for specific identifiers on the turtle's spots, such as white patches on dark areas, and then encodes these details into a unique biometric marker for the turtle. "Ideally, anyone who comes across a turtle on a beach could take a photograph, upload it to the Web site, and find out whether the animal has been seen before, where it is from, and how old it is," says CWI's Eric Pauwels. University of Bristol researchers are using the same method on African penguins. Bristol researcher Tilo Burghardt demonstrated that the penguin-spotting technique can be used to fingerprint any animal with spots or stripes. Researchers also are working on a computer system that can identify individual animals by their footprints.
Local DDoS Testbed Bids to Future-Proof Systems
Computerworld Australia (09/21/10) James Hutchinson
Queensland University of Technology researchers are working to test and mitigate the risks of distributed denial-of-service attacks by creating and running an internal testbed. The new dosTF testbed uses eight Linux and Windows-based computers and three VMware servers to create 200 virtual hosts to simulate attacks. Each computer is equipped with two Ethernet cards and is monitored by SNMP messaging, with experimental scenarios recorded in XML format to be later documented and potentially replayed for further experimentation. The experiments were conducted on an internal network instead of on a live system so as not to break international laws, says Queensland researcher Desmond Schmidt. He notes that similar testbeds have been established at the University of Utah and the University of California, Berkeley, but because of their location they are problematic for researchers in the India-Australia region to use. Each of the computers and virtual hosts in the dosTF testbed can be used as an attacker, traffic generator, defender, or vulnerable service, and can be activated using a central command line. Schmidt says the testbed has been successful in two separate denial-of-service attacks.
New Research Improves Ability to Detect Malware in Cloud-Computing Systems
NCSU News (09/21/10) Matt Shipman
North Carolina State University (NCSU) researchers have developed HyperSentry, software that offers enhanced security for cloud computing systems. The researchers say HyperSentry is better at detecting viruses and other malware in the "hypervisors" that are crucial to cloud computing. Hypervisors programs create the virtual workspace that enables different systems to run in isolation from each other. HyperSentry enables cloud administrators to measure the integrity of hypervisors in run time. "The concern is that an attacker could compromise a hypervisor, giving them control of the cloud," says NCSU professor Peng Ning. As soon as an infected hypervisor is detected, a cloud administrator can take action, such as shutting down the computer, performing additional investigations to identify the scope of the problem, and limiting how far the damage can spread. "HyperSentry solves two problems," Ning says. "It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor."
How Safe Is Your Swipe?
American Friends of Tel Aviv University (09/20/10)
Tel Aviv University (TAU) researchers have developed a method of extracting information from chip technology by combining modern cryptology methods with constraint programming, which could lead to important new advances in computer security. The key weakness in modern secure chips can be found in the chip's power supply, says TAU professor Avishai Wool. The amount of power and how it fluctuates depends on the kind of information on the chip. By measuring the power fluctuations and analyzing the data, a hacker could decipher the information on the chip. The TAU program can sort through the noise associated with hacking a computer chip to accurately analyze its contents. "Companies need to know how secure their chip is, and how it can be cracked," Wool says. "They need to know what they're up against."
Dancing Robot Swan Triggers Emotions
Malardalen University (Sweden) (09/21/10) Lisa Nordenhem
Researchers at Sweden's Malardalen University have created a robot in the form of a swan that can dance to the music of Tchaikovsky's Swan Lake. "We want to explore the limits of what a robot can do, what human expressions it can mimic, and how it affects people's perception of the robot when it makes an appearance in art and dance," says Malardalen professor Lars Asplund. The one-meter-tall robot was built using a modular system and features 19 joints, which makes it very flexible. The researchers say the robot's four-minute-long dance has received positive reviews. "With our swan we are showing that we can use robots in new ways--simply because they are beautiful and give the audience new experiences," says Malardalen researcher Kerstin Gauffin.
Monitor the Air--With a Smartphone
USC News (09/20/10) Eric Mankin
University of Southern California (USC) researchers have developed Visibility, an smartphone application that uses the device's resources to monitor air quality. Visibility is available for download on smartphones running the Android system, and will soon be available for iPhones. The user takes a picture of the sky while the sun is shining, which is compared to established models of sky luminance and used to estimate visibility. Visibility is directly related to the concentration of harmful particles of dust, engine exhaust, mining, or other sources in the air, and these aerosols turn a blue sky gray. The accelerometer in the phone can "guide the user to point the phone's camera in exactly the right direction," says USC professor Gaurav Sukhatme. The application automatically computes the camera and solar orientation, uploading the data along with the image to a central computer system. The system then estimates the visibility and returns a message to the user's smartphone.
IETF Approves E-Crime Reporting Format
IDG News Service (09/20/10) Jeremy Kirk
The Internet Engineering Task Force has approved a customized version of the XML-based Instant Object Description Exchange Format, which includes extensions appropriate for creating standard electronic crime reports. The reporting format permits unambiguous time stamps, support for different languages, and a feature to attach samples of malicious code. The developers say the new format would bring consistency to e-crime reports, which would be housed in a centralized database. The security industry and organizations would be able to mine the database of standardized e-crime, which would make it easier to find common patterns in attacks and respond faster. The Anti-Phishing Working Group (APWG) plans to run a trial on how organizations can share data in the format, which should determine whether further communication would be needed. "Data exchanges will help to refine the operational, policy, and procedural issues that appear whenever a data exchange question arises," APWG says.
New 3.2 Million-Euro Project Aims to Build Computers That Can Learn From Us
University of Bristol News (09/16/10)
The European Union-funded COGNITO project is building a computer system that can observe people, learn how they do things, and help them carry out tasks. University of Bristol professor Andrew Calway's research team is developing advanced computer vision algorithms, which will be incorporated into on-body cameras that will be used to monitor human activities. Investigating the learning of human sensory-motor activities could help lead to the development of truly useful computers, says the Bristol team. The data captured from the on-body sensor networks will assist the COGNITO project in both the learning of actions and using that knowledge in assistive systems based on augmented reality technology. Learning skilled assembly and manipulation tasks, often found in high-precision industries, will be a focus of the project. "In Europe, where many industries from family-run to large corporations rely on highly skilled people, systems that assist in rapid training and quality control are essential," says Bristol's Walterio Mayol-Cuevas.
Lightweight True Random Number Generators a Step Closer
Queen's University Belfast (09/17/10)
Researchers at Queen's University Belfast's Institute of Electronics, Communications and Information Technology say they have developed the most lightweight true random number generators to date. According to the researchers, the designs feature a series of circuits that are up to 50 percent smaller than anything currently available. The designs are optimized for digital circuits, field-programmable gate arrays, and application-specific integrated circuits, and use just one logic gate, one look-up table, and four transistors, respectively. The researchers were unsure if it was possible to devise more efficient designs based on different noise measurement mechanisms. "After investigating several candidates, finally we found a successful one," says researcher Jiang Wu, who worked with Maire O'Neill to use white noise inside the circuit to generate the randomness. The approach effectively simulates a toss of a coin. Wu and O'Neill developed a mechanism to measure the noise and generate the random output.
Less Is More in the Fight Against Terrorism
Suffolk University's Philip Vos Fellman used tools for analyzing complex systems to study terrorist networks. Employing network analysis, agent-based simulation, and dynamic NK Boolean fitness landscapes, Vos Fellman says his computer models offer clues on ways to undertake long-term operational and strategic planning to undermine terrorist networks. He says the complexity of terrorist networks is compounded by their dynamic nature as well as their levels of ambiguity. His mathematical analysis suggests that isolating hubs within a terrorist network is the best way to fight terrorism, rather than attempting to destroy a network in short-term battles. Efforts should focus on the hubs around which the network hinges, and the computer models also indicate soft targets of small cells may not be worth pursuing. "The results which these simulation and dynamical systems modeling tools present suggest that, quite literally, sometimes less is more and that operational objectives might be better directed at isolation rather than removal," Vos Fellman says. "If you are not focused on the top problems, then considerations of opportunity cost suggest that it may be better to do nothing rather than to waste valuable resources on exercises which are doomed to fail."
Clever Cars to Mean Safer Driving
BBC News (09/17/10) Mark Ward
At the recent Future World Symposium researchers discussed possible applications for on-board computers and sensors in cars. "The car is probably going to be the most compute-intensive possession that we will have," says Freescale Semiconductor's Steve Wainwright. Computers and sensors are helping to augment a person's driving skill and that trend will only continue as technologies such as collision-detection systems and radar become more commonplace, Wainwright says. Future cars could send data about their location and the number of occupants in a car to get emergency services responding much more quickly, says analyst Paul Burnley. Smart sensors could lead to the widespread use of electric cars because they will be able to tell exactly how much charge is left in a battery and how far it is to the nearest charging station. The United States has set aside radio spectrum for car-to-car communication systems to enable inter-vehicular exchanges about road conditions, and Europe is planning a similar system. "If you think about what you can do with smart routing and dynamic routing if you have a good [intelligent transportation system], it absolutely makes anything that you can do on engine management completely pale into insignificance," Wainwright says.
Abstract News © Copyright 2010 INFORMATION, INC.
To submit feedback about ACM TechNews, contact: [email protected]
Current ACM Members: Unsubscribe/Change your email subscription by logging in at myACM.