Computer Science - Security

A new approach for managing bugs in computer software has been developed by a team led by Prof. George Candea at EPFL. The latest version of Dimmunix, available for free download, enables entire networks of computers to cooperate in order to collectively avoid the manifestations of bugs in software.

A new IT tool, developed by the Dependable Systems Lab at EPFL in Switzerland, called "Dimmunix," enables programs to avoid future recurrences of bugs without any assistance from users or programmers. The approach, termed "failure immunity," starts working the first time a bug occurs -- it saves a signature of the bug, then observes how the computer reacts, and records a trace. When the bug is about to manifest again, Dimmunix uses these traces to rec-ognize the bug and automatically alters the execution so the program continues to run smooth-ly. With Dimmunix, your Web browser learns how to avoid freezing a second time when bugs associated with, for example, plug-ins occur. Going a step further, the latest version uses cloud computing technology to take advantage of networks and thereby inoculating entire communities of computers.

Read more: Safety in Numbers: A Cloud-Based Immune System for Computers

Computer Science - Security

by Larry Hardesty

More and more, malicious hackers are exploiting web site security holes to attack their victims' computers. Programmers try to identify those holes in advance and plug them with code that performs security checks; but if they find a hundred holes and miss one, their programs are still insecure. At next week's ACM Symposium on Operating Systems Principles, however, MIT researchers will present a new system called Resin, which automatically calls up security checks whenever they're required, even in unforeseen circumstances.

Read more: Securing the Web

Computer Science - Security

by Eric Frazier

Computer security mimics nature

In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defense modeled after one of nature’s hardiest creatures — the ant.

Unlike traditional security devices, which are static, these “digital ants” wander through computer networks looking for threats, such as “computer worms” — self-replicating programs designed to steal information or facilitate unauthorized use of machines. When a digital ant detects a threat, it doesn’t take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate.

Read more: Ants vs. Worms

Computer Science - Security

Computer scientists demonstrated that criminals could hack an electronic voting machine and steal votes using a malicious programming approach that had not been invented when the voting machine was designed. The team of scientists from University of California, San Diego, the University of Michigan, and Princeton University employed “return-oriented programming” to force a Sequoia AVC Advantage electronic voting machine to turn against itself and steal votes.

 “Voting machines must remain secure throughout their entire service lifetime, and this study demonstrates how a relatively new programming technique can be used to take control of a voting machine that was designed to resist takeover, but that did not anticipate this new kind of malicious programming,” said Hovav Shacham, a professor of computer science at UC San Diego’s Jacobs School of Engineering and an author on the new study presented on August 10, 2009 at the 2009 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections (EVT/WOTE 2009), the premier academic forum for voting security research.

Read more: Computer Scientists Take Over Electronic Voting Machine With New Programming Technique