Skip navigation

University of Wisconsin

warning: Creating default object from empty value in /var/www/vhosts/ on line 33.

Enlarge / A diagram of a side-channel attack on a virtual machine. Using a malicious VM running on the same hardware, scientists were able to recover a private encryption key.

Zhang et al.

Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists have devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware.

The technique, unveiled in a research paper published by computer scientists from the University of North Carolina, the University of Wisconsin, and RSA Laboratories, took several hours to recover the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library. The attack relied on "side-channel analysis," in which attackers crack a private key by studying the electromagnetic emanations, data caches, or other manifestations of the targeted cryptographic system.

One of the chief selling points of virtual machines is their ability to run a variety of tasks on a single computer rather than relying on a separate machine to run each one. Adding to the allure, engineers have long praised the ability of virtual machines to isolate separate tasks, so one can't eavesdrop or tamper with the other. Relying on fine-grained access control mechanisms that allow each task to run in its own secure environment, virtual machines have long been considered a safer alternative for cloud services that cater to the rigorous security requirements of multiple customers.

Read 8 remaining paragraphs | Comments

Your rating: None

The Nikon Small World Photomicrography Competition lets us see beyond the capabilities of our unaided eyes. Almost 2000 entries from 70 countries vied for recognition in the 37th annual contest, which celebrates photography through a microscope. Images two through 21 showcase the contest's winners in order, and are followed by a selection of other outstanding works. Scientists and photographers turned their attention on a wide range of subjects, both living and man-made, from lacewing larva to charged couple devices, sometimes magnifying them over 2000 times their original size. -- Lane Turner (38 photos total)
Wim van Egmond of the Micropolitan Museum in Rotterdam, Netherlands photographed a Leptodora kindtii (giant waterflea) eye from a living specimen using the differential interference contrast method. (Wim van Egmond)

Add to Facebook
Add to Twitter
Add to digg
Add to StumbleUpon
Add to Reddit
Add to
Email this Article

Your rating: None

Take computers, mathematics, and the Java Sound API, add in some Java code, and you've got a recipe for creating some uniquely fascinating music. IBM Staff Software Engineer Paul Reiners demonstrates how to implement some basic concepts of algorithmic music composition in the Java language. He presents code examples and resulting MIDI files generated by the Automatous Monk program, which uses the open source jMusic framework to compose music based on mathematical structures called cellular automata.

Your rating: None

Where Did This Code Come From? Discovering the Provenance of Program Binaries

Google Tech Talk (more info below) April 22, 2011 Presented by Nathan Rosenblum, UW-Madison ABSTRACT Where did this binary come from? How was it compiled? What language did the programmer choose? Who wrote this code? These questions rarely occur to most computer users, but for analysts working in forensics, reverse engineering, and software theft, they are of paramount importance. The provenance of a program binary --- the specific process through which an idea is transformed into executable code --- can provide valuable insight, yet it is in the very domains where such information would be most useful that it is least likely to be available. At the University of Wisconsin, we have investigated techniques to recover these provenance details from program binaries, filling in the gaps in the production process. Provenance recovery occupies the intersection of program analysis, security, and statistical machine learning research; in this talk, I will describe probabilistic models of provenance in the context of compiler toolchain identification and both closed- and open-world solutions to the difficult task of program authorship attribution: picking out stylistic characteristics of executable code that reveal the identity of the programmer. Our work integrates a range of machine learning techniques, from support vector machines to conditional random fields to metric learning and large-margin clustering. I will discuss how we leverage large-scale computing resources to solve <b>...</b>

More in
Science & Technology

Your rating: None