Researchers have found a way to watch for spies in the cloud.
Source: “Home Alone: Co-Residency Detection in the Cloud via Side-Channel Analysis”
Yinqian Zhang et al.
Proceedings of the IEEE Symposium on Security and Privacy, May 2011
Results: A prototype system allows companies that use cloud computing services to confirm that their data is safe from others using the same service provider. It can detect with 80 percent accuracy the presence of unauthorized processing on the same server; the rate of false positives is 1 percent. The system will notice both attackers and inappropriate data sharing.
Why it matters: Cloud computing makes it possible to access generic processing and storage resources over the Internet. But security concerns have made many companies and organizations hesitant to use these services. Data could be stored on hardware shared with competitors, they fear, or it could even be vulnerable to malicious software actively trying to steal information. Some customers, such as NASA, have demanded that cloud providers physically isolate their data from that of other users. The problem is that until now, it’s been almost impossible to verify that this is being done.
Methods: In the past, researchers have found that attackers can steal data about a virtual machine’s activities—even sensitive information such as passwords—by watching subtle clues such as how it uses shared system resources, including the server’s temporary storage system. The researchers coöpted this principle to make it work for defense. They trained a legitimate virtual machine to watch a server’s cache for telltale signs of hostile virtual machines on the same server. The technique requires no modification to existing cloud technologies and no action from the cloud provider.
Next Steps: The researchers are expanding the prototype to create a complete system that can run on a commercial cloud service, such as Amazon Web Services.
Low-Literacy Web Search
A form of the Web for people who can’t read aims to help poor countries
Source: “Spoken Web: Creation, Navigation and Searching of Voicesites”
Sheetal Agarwal et al.
2011 International Conference on Intelligent User Interfaces (IUI), February 13-16, 2011, Palo Alto, California
Results: A search engine developed by IBM researchers makes it possible to find and access information on a spoken version of the World Wide Web. A test of the interface by 40 farmers in the Indian state of Gujarat showed that it was easy to use.
Why it matters: More than one billion people worldwide are illiterate, most of them in poor nations. This poses a more fundamental barrier to Web use than the cost of computers and network access. For four years, a team at IBM Research India has operated a system called the Spoken Web that uses telephone numbers in place of Web addresses so that users can dial in to “upload” or listen to spoken information. Several thousand people worldwide use the service to share information such as local crop prices. However, until now there hasn’t been an efficient way to search and sort through that information.
Methods: IBM’s search engine relies on speech recognition to understand the word a person is searching for—a pesticide name, for example—and to find mentions of that word on the Spoken Web. Like a conventional search engine, it can rapidly generate a list of many results, but a user cannot skim the list to choose the best result, as is possible on the text Web. Instead, the system tells the user how many results it found and suggests ways to filter that list—for example, by the name of the person who recorded a particular piece of information. This step is repeated until there are five or fewer results. That short list is read out to the user, who chooses which result to “browse” to.
Next Steps: The researchers plan to roll out the system to all users of the Spoken Web. They are also working to improve the quality of the speech recognition software involved. Most access to the Spoken Web is in Indian languages that makers of such software have not focused on before.