Welcome to the August 24, 2016 edition of ACM TechNews, providing timely information for IT professionals three times a week.
Updated versions of the ACM TechNews mobile apps are available for Android phones and tablets (click here) and for iPhones (click here) and iPads (click here).
HEADLINES AT A GLANCE
New Approach Needed to IT, Says NIST's Top Cyber Scientist
FedScoop (08/23/16) Shaun Waterman
Ron Ross, the top cybersecurity scientist at the U.S. National Institute of Standards and Technology, on Tuesday told the U.S. Commission on Enhancing National Cybersecurity the coming cybersecurity crisis can only be addressed by building "more trustworthy secure components and systems." He said it is clear existing security measures are ineffective, given the rising number of successful attacks and breaches despite record cybersecurity investment. "You cannot protect that which you do not understand," Ross said. "Increased complexity translates to increased attack surface." He said existing cybersecurity strategies "fail to address the fundamental weaknesses in system architecture and design," and the solution is to apply well-defined security design precepts in a life cycle-based systems engineering process. Safety, reliability, and other strengths must be incorporated into systems from the outset, much like structurally sound bridges and safe aircraft are designed via a "disciplined and structured approach," Ross said. Such solutions may not be suitable for every scenario, but he noted "they should be available to those entities that are critical to the economic and national security interests of the U.S.," such as the electric grid, manufacturing facilities, financial institutions, transportation vehicles, water treatment plants, and weapons systems. He stressed partnerships between government, industry, and academia are essential to the success of this approach.
New Computer Science Course's Challenge Is Finding Qualified Teachers to Teach It
EdSource (08/23/16) Pat Maio
Expanding the availability of new Advanced Placement (AP) computer science courses to attract young women and minorities is complicated by a nationwide shortage of qualified educators. The AP Computer Science Principles course is a cornerstone of the Obama administration's Computer Science (CS) for All initiative, and it is being offered for the first time this month after being in a pilot stage for seven years. The intent of the course is to demonstrate the broad applicability of computer skills to all kinds of activities, and it is thought of as an introductory course to the College Board's more rigorous AP Computer Sciences A class. Cybersecurity and other topics are part of the new course's core concentration, with the goal of filling a predicted 1.4-million computer coding-related jobs by 2020. About 2,160 U.S. schools are offering the new course this year, and among the factors underlying the teacher shortage is the lack of a single-subject computer science credential in states such as California. Ruthe Farmer, an adviser with the White House Office of Science & Technology Policy, says the 25,000 teachers the CS for All initiative is currently training is a far cry from the 100,000 that will be needed in the future.
Graphene Doubles Up on Quantum Dots' Promise in Quantum Computing
IEEE Spectrum (08/23/16) Dexter Johnson
A group of researchers from several European institutions have produced quantum dots out of graphene, which they say offers a bold new possibility for quantum computing. The researchers discovered that quantum dots made from graphene possess four quantum states at a given energy level, unlike semiconductor quantum dots, which have only two. The additional quantum states could be a boon to quantum computing because the technology relies on well-controlled, coherent interactions between quantum bits. However, a major obstacle toward the development of a working quantum computer is de-coherence, which involves the loss of the quantum properties due to interactions with the environment. "Using our graphene quantum dots, you could think of storing two [quantum bits (qubits)] in the four-fold near-degenerate states, which would make a coherent interaction between these two qubits much more well controlled than the interaction of two two-fold degenerate states," says Vienna University of Technology professor Florian Libisch. He notes the key to the new research was to produce the graphene quantum dots without losing the four quantum states. The researchers used a combination of electrical and magnetic fields to trap the electrons in the graphene. In addition to the four quantum states, graphene quantum dots offer scalability, which should make it possible to fit many graphene quantum dots on a small chip for use in quantum computing.
Solving Network Congestion
MIT News (08/23/16) Adam Conner-Simons
Researchers at the Massachusetts Institute of Technology's (MIT) Computer Science and Artificial Intelligence Lab (CSAIL) have developed MegaMIMO 2.0, a system they say can transfer wireless data at twice the range of existing systems and three times faster. The researchers say MegaMIMO 2.0 could significantly enhance the speed and strength of wireless networks by simultaneously coordinating multiple access points on the same frequency, without producing interference. The system was tested in a mock conference room with multiple laptops that each roamed the space atop Roomba robots, and a 330-percent upgrade in data-transfer speed was observed. The CSAIL team pursued a new method for coordinating multiple transmitters via phase synchronization, developing special signal-processing algorithms that enable multiple independent transmitters to relay data on the same piece of spectrum to multiple independent receivers without interfering with each other. MIT researcher Hariharan Rahul says the team's congestion-reducing technology also is applicable to cellular networks. He notes the researchers plan to expand the system so it can simultaneously coordinate dozens of routers, facilitating faster data-transfer speeds. The team will present its research this week at the ACM Special Interest Group on Data Communications (SIGCOMM 2016) conference in Brazil.
Harvey Mudd College Took on Gender Bias and Now More Than Half Its Computer-Science Majors Are Women
Quartz (08/22/16) Oliver Staley
Harvey Mudd College in Claremont, CA, has had uncommon success in producing female programmers for more than a decade. This year, for the first time, more women than men graduated with a degree in computer science. Harvey Mudd has done it by removing obstacles that have typically barred women--including at the faculty level. The school emphasizes teaching over research, hiring and rewarding professors on the basis of their classroom performance, says former ACM president Maria Klawe, Harvey Mudd's president since 2006. The overhaul of the computer science curriculum to make it more inclusive began the year before Klawe arrived from Princeton, where she was dean of engineering. Klawe says it helps that Harvey Mudd is a small school, with only 800 students, so there are fewer opportunities to slip through the cracks, and women studying science, mathematics, engineering, and math subjects are less likely to feel marginalized. This year, 64 percent of women computer science graduates who reported having accepted a full-time job at graduation had a position in the technology industry, up from 30 percent in 2011. Klawe says they tend to choose large employers such as Google, LinkedIn, and Intel, which offer more stability than startups.
Researchers Demo 3D-Printed, Shape-Shifting Objects
Computerworld (08/23/16) Lucas Mearian
Researchers at the Lawrence Livermore National Laboratory (LLNL) have demonstrated the ability to three-dimensionally (3D) print objects that can then change shape, even folding and unfolding, when heated through an electric current or within ambient air temperature. The process of creating objects via 3D printing that can shift shape on their own also is known as 4D printing. The researchers created "smart ink," made from soybean oil, polymers, and carbon nanofibers, which they were able to program into a temporary shape at an engineered temperature determined by the chemical composition. They say the technology could have applications in healthcare, in aerospace for solar arrays, and for flexible circuits and robotic devices. The researchers also note the LLNL version of 4D printing is unique because it is the first to combine the process of 3D printing and subsequent folding with conductive smart materials to build complex structures. They demonstrated a 4D material capable of creating boxes, spirals, and spheres from shape memory polymers that can change shape when resistively heated or when exposed to the appropriate temperature. "If you can print with these polymer composites you can build things and electrically activate them to unfold," says LLNL researcher James Lewicki.
Princeton Develops 25-Core Chip for Servers
The Engineer (United Kingdom) (08/23/16)
Researchers at Princeton University have developed Piton, a chip they believe can significantly boost server performance while reducing energy consumption. The chip has a scalable architecture, enabling thousands of individual units to be stitched together into a single system containing millions of cores. The current version of Piton measures six by six millimeters and contains more than 460 million transistors, each of which are as small as 32 nanometers. Most of the transistors are housed in 25 cores, compared to the four or eight cores found in traditional computer chips. Princeton professor David Wentzlaff says the scalable architecture of Piton could enable thousands of cores on a single chip, with 500 million cores in a data center. Piton relies on execution drafting, in which similar processes are lined up one after another, a process that can increase energy efficiency by about 20 percent compared to a standard core. In addition, the chip's memory traffic shaper can yield an 18-percent performance jump. "We're also happy to give out our design to the world as open source, which has long been commonplace for software, but is almost never done for hardware," Wentzlaff says.
Blockchain Could Bring Electronic Voting to Australia by 2017
TechRepublic (08/22/16) Alison DeNisco
Australia intends to employ blockchain technology to let citizens vote online, with the government-owned postal service saying digital voting would provide convenience, faster tallying, efficiency, lower costs, and transparency. "The emergence of cryptocurrencies on...blockchain have highlighted opportunities to repurpose that technology to capture various digital transactions in immutable, distributed, and secure ways," says the Australia Post's Tim Adamson. The Australia Post's plan calls for a vote being an electronic transaction in which a number of voting "credits" can be "spent" by the voter. The consent to vote would be obtained via secure digital access keys sent securely to each voter. A ballot would be cryptographically represented within the blockchain, with each vote connected to the voter through their preference choice stored within the blockchain, keeping that information anonymous and publicly inaccessible. Once the election closes, the system would count the results from the database. The votes would be confirmed by candidates and voters without jeopardizing the secrecy of the ballot. Australia Post Accelerator partner Rick Wingfield says blockchain's pseudonymous nature ensures the anonymity of votes, noting "you can't reverse-engineer who somebody voted for and it's immutable and provides a ledger of all transactions."
Cybersecurity Researchers Design a Chip That Checks for Sabotage
New York University (08/23/16)
New York University professor Siddharth Garg and colleagues are developing a technique to check for malicious circuitry installed in chips by bad actors along the supply chain. The team has designed a chip with both an embedded module that proves its calculations are correct and an external module that validates the first module's proofs. The configuration keeps tabs on a chip's performance and can spot telltale signs of Trojan horses, and the verifying processor can be fabricated separately from the chip. "Employing an external verification unit made by a trusted fabricator means that I can go to an untrusted foundry to produce a chip that has not only the circuitry-performing computations, but also a module that presents proofs of correctness," Garg says. The chip designer then can turn to a trusted foundry to build a separate, less-complex module--an application-specific integrated circuit (ASIC) to validate the proofs of correctness generated by the internal module of the untrusted chip. Garg says this arrangement provides a safety net for the chipmaker and the end user. In addition, he notes the chip built by the external foundry will be smaller, faster, and more power-efficient than the trusted ASIC, sometimes by orders of magnitude.
Researchers Create 3D Faces From Online Photos to Defeat Face Authentication Systems
Network World (08/21/16)
University of North Carolina researchers say they have developed a virtual reality (VR)-based cyberattack that can reproduce the human face well enough to trick face-authentication systems. Like an attacker or a stalker, the researchers examined social media and ran image searches of 20 test participants. On average, they found between three to 27 photos per person online, then created three-dimensional (3D) models of their faces, added any missing areas or textures, and made additional tweaks, such as correcting gaze and adding facial animations such as frowning and smiling. In a test involving the KeyLemon, Mobius, True Key, BioID, and 1U face-authentication systems, the researchers reported every system failed when presented with 3D renderings created from indoor head shots, while attacks spoofing faces from social media photos had varying success rates. "VR-based spoofing attacks constitute a fundamentally new class of attacks that point to serious weaknesses in camera-based authentication systems," the researchers say. "Unless they incorporate other sources of verifiable data, systems relying on color image data and camera motion are prone to attacks via virtual realism."
How an Algorithm Learned to Identify Depressed Individuals by Studying Their Instagram Photos
Technology Review (08/19/16)
Researchers at Harvard University and the University of Vermont have trained a machine-learning algorithm to spot warning signs for depression on Instagram by analyzing the composition of posted images. The researchers recruited 170 participants via Amazon's Mechanical Turk service, 70 of whom were diagnosed with clinical depression. For each healthy user, the researchers chose their 100 most recent Instagram posts to be rated, and for depressed individuals, the 100 pre-diagnosis photographs were analyzed. A separate set of Turk participants rated how interesting, likeable, happy, and sad each photo appeared on a scale of zero to five. Photographs also were objectively rated by measuring the average hue, color saturation, contrast, and the number of faces in each image. A machine-learning algorithm then was used to find correlations between depression and image properties, and results show individuals with depression are more likely to post darker images that are bluer or grayer than healthy individuals. Depressed people also were found to post more photos with faces, but they tended to post fewer faces for each photo. After testing the algorithm on another 100 individuals, the program correctly identified 70 percent of those with depression; the researchers say their findings support the notion that changes in individual psychology can be identified via social media.
New Lever Language Builds on Python's Convenience, Aims for PyPy Speeds
InfoWorld (08/19/16) Serdar Yegulalp
Lever, a new open source programming language now in its 0.8.0 release, aims to be a general-purpose programming language similar to Python with the ability to compile easily to standalone executables and with grammar and syntax that can be freely customized. The language's long-term goal is to rival even the Python JITing compiler PyPy for speed. Lever uses much of the same syntax as Python, including indented code blocks and # symbols to delineate comments. In addition, Lever implements Python-like features such as dynamic typing, interfaces to C code, and module imports. However, Level also differs from Python in many significant ways. Lever programs come with a built-in event loop that makes it easier for developers to write apps that make use of concurrency, while also enabling users to supply their own grammar and syntax rules or to customize the existing ones. Going forward, Lever has the potential to replicate and repurpose some of Python's translation framework. Lever also could start using WebAssembly, a project that enables in-browser code to run at native-code speeds, as a compilation target.
UALR Student Researches How to Keep Cars Safe From Hacking
University of Arkansas at Little Rock (08/12/16) Angelita Faller
Two researchers at the University of Arkansas at Little Rock (UALR) have developed a security protocol that could protect smart cars from cyberattacks. Along with UALR professor Shucheng Yu, computer science junior Zachary King conducted research as part of a U.S. National Science Foundation program called [email protected], which aims to find solutions to cyberattacks targeting mobile technology and social media. Yu and King's research focuses on the development of a security protocol to protect the Controller Area Network (CAN), a car's internal communications system. The protocol authenticates messages sent through the system by creating an authentication code that can enable the network to differentiate between valid and malicious messages. A second security feature protects against replay attacks, in which a hacker breaches a network by repeatedly sending old messages, by issuing a timestamp to messages. "There are many ways that hackers can control CAN," King says. "Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still wouldn't be able to control your vehicle."
Abstract News © Copyright 2016 INFORMATION, INC.
To submit feedback about ACM TechNews, contact: [email protected]