Researchers at top universities, backed by funding from federal and other outfits, are pumping out loads of research on network security, wireless networking and more. Here's a recap of 7 impressive projects from recent months.
1. Not that you trust mobile apps in the first place…
As many as 4 in 10 apps with policies could be collecting location information and nearly 1 in 5 could be sharing that data without getting your permission to do so,
Such applications could be violating various laws, such as the Children’s Online Privacy Protection Act and California Online Privacy Protection Act.
“Overall, each app appears to exhibit a mean of 1.83 possible inconsistencies and that’s a huge number,” said Norman Sadeh, professor of computer science in CMU’s Institute for Software Research, in a statement.
Sebastian Zimmeck, a post-doctoral associate who designed and implemented an automated system with Sadeh that uses natural language processing and machine learning to sniff out mobile app policy inconsistencies, presented findings late in 2016. Sadeh’s group is working with the California Office of the Attorney General to apply the system as a way to determine adherence of apps to state privacy law.
The NSF, DARPA and Air Force Research Laboratory supported this work. In addition to CMU researchers, work on the project came from those at Columbia University, Washington University of St. Louis and Fordham University Law School.
2. When electrons talk with photons…
Princeton University and HRL Laboratories researchers worked for more than 5 years to develop a method for enabling a single electron to pass information to a photon, a breakthrough that could speed the way to silicon-based quantum computers that can make much more sophisticated calculations than traditional systems.
"Just like in human interactions, to have good communication a number of things need to work out — it helps to speak the same language and so forth," said Jason Petta, a Princeton professor of physics, in a statement (he's shown in the photo above, with physics graduate students David Zajac and Xiao Mi). "We are able to bring the energy of the electronic state into resonance with the light particle, so that the two can talk to each other."
What’s more, the researchers’ advanced circuit design could pave the way for communicating between the qubits at the heart of a quantum computer even when they are all the way across a chip from one another (that’s pretty far when you’re talking about things this size). Qubits can be in a state of 0, 1 or a combination of the two, and that’s what gives them their superpowers.
The team’s research has been published in the journal Science (“Strong coupling of a single electron in silicon to a microwave photon”).
Funding came from the Army Research Office, the Gordon and Betty Moore Foundation, and the National Science Foundation. The material is based upon work supported by the U.S. Department of Defense.
3. MIT’s MegaMIMO 2.0: Tripling wireless speeds
MIT Computer Science and Artificial Intelligence Lab (CSAIL) researchers are doing something about the wireless spectrum crunch and it’s called MegaMIMO 2.0.
The signal-processing algorithms developed (as described in the paper “Real Time Distributed MIMO Systems”) coordinate transmitters on wireless routers by synchronizing their phases, and that enables the devices to work on the same frequency without causing interference. Researchers say MegaMIMO 2.0 can transfer wireless data more than three times faster than existing systems and also double the signal’s range. They say it could be particularly useful at crowded events such as concerts, conventions and sports events. They also say it's not far off from being commercialized.
“In today’s wireless world, you can’t solve spectrum crunch by throwing more transmitters at the problem, because they will all still be interfering with one another,” says Ezzeldin Hamed, a PhD student who is lead author on the paper, in a statement. “The answer is to have all those access points work with each other simultaneously to efficiently use the available spectrum.”
The researchers are working to expand their technology for use beyond Wi-Fi networks by including cellular ones, too.
The work was funded by the NSF and supported by members of the MIT Center for Wireless Networks and Mobile Computing.
4-5-6. Mixing up would-be attackers
Ivy League researchers have created a program called Shuffler that enables software to scramble its code as it runs, making it crazy difficult for attackers to exploit bugs that inevitably pop up. It goes beyond basic code-scrambling schemes, like the address space layout randomization (ASLR) approach taken by many operating systems for years.
"Shuffler makes it nearly impossible to turn a bug into a functioning attack, defending software developers from their mistakes," said the study's lead author, David Williams-King, a graduate student at Columbia Engineering, in a statement on Columbia University’s website. "Attackers are unable to figure out the program's layout if the code keeps changing."
Shuffler runs alongside the code it defends and even protects itself against its own bugs.
One catch with Shuffler: It slows programs down by 15%, though is barely noticeable on very large-scale processing systems, according to Columbia.
Williams-King co-authored a paper on the subject titled “Shuffler: Fast and Deployable Continuous Code Re-Randomization" and it was presented at the USENIX Symposium on Operating Systems and Design. Researchers from Brown University and the University of British Columbia also took part in this project.
Other researchers are trying to foil attackers via randomization techniques, too.
Timely Address Space Randomization (TASR) is MIT Lincoln Labs’ approach to bettering ASLR, which is vulnerable to memory disclosure attacks.
"TASR is the first technology that mitigates an attacker's ability to leverage information leakage against ASLR, irrespective of the mechanism used to leak information," says
Robert Rudd of Lincoln Labs in a statement. Rather than randomizing on a set schedule, TASR does its thing whenever an application runs. It injects a randomizer component and later deletes it from the application.
The TASR team argues its technology, which does not require special hardware, has advantages over other methods in that it protects against all sorts of memory corruption attacks and vulnerabilities.
Look for at least portions of TASR to go open-source.
Researchers at Florida State University and Stony Brook University also last year published a paper on a new method of randomizing code to protect it from attacks.
Their Remix tool allows for mixing of randomized and non-randomized code “to strike a balance between performance and security.” The researchers argue that their technique can minimize the impact of randomization on CPU and I/O performance.
7. IT security wearing you out?
A study from the National Institute of Standards and Technology (NIST) that was published in IEEE's IT Professional journal found that most regular computer users get "security fatigue" that can lead to unintentionally risky online behavior.
"The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people's everyday life," cognitive psychologist and co-author Brian Stanton said in a statement. "It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet. If people can't use security, they are not going to, and then we and our nation won't be secure."
Based on study findings, the researchers shared three ways to ease security fatigue:
1. Limit the number of security decisions users need to make;
2. Make it simple for users to choose the right security action; and
3. Design for consistent decision making whenever possible.