MIT Research News' Journal
 
 [Most Recent Entries] [Calendar View]

Friday, December 9th, 2016

    Time Event
    4:13p
    Urban planning research papers receive Association of Collegiate Schools of Planning honors

    Elizabeth Reed Yarina MCP ’15, a teaching fellow with MIT-SUTD, and Lillian Jacobson MCP ’15 have been honored by the Association of Collegiate Schools of Planning (ACSP) for works they published during their graduate programs at MIT. Yarina was awarded the Edward McClure Award for best master's student paper, and Jacobson won the Donald A. Schön Award for Reflective Practice.

    The Edward McClure Award recognizes superior scholarship in a paper prepared by a master’s student in an ACSP-member school. Submissions may address any topic of investigation generated in the course of pursuing a master’s degree in urban/city/community/town/regional planning. 

    Yarina’s paper, “Nauru as State and Space of Exploitation: Current and Future Refugees,” addresses many issues important to planning, including poverty; migration, displacement, and social vulnerability; international relations; the built environment; environmental degradation; and the impacts of climate change. According to the ACSP, “Yarina’s clear writing and careful approach, emphasizing spatial and architectural perspectives, capably support her evaluation of extensive empirical information to generate insights with the potential to guide local action.”

    Yarina is currently a teaching fellow in Singapore with MIT-SUTD. She will begin a Fulbright research fellowship in New Zealand in spring 2017 to study the spatial implications of Pacific Islander climate change migration on New Zealand’s cities.

    Jacobson’s paper, “Drawing Outside the Lines: Participatory Design in Unincorporated Communities,” chronicles and analyzes her collaboration with high school students from a marginalized community in Santa Rosa, California. The ACSP said that “her thesis documents her successful attempts to elicit reflection-in-action and reflection-on-action among high school students.”

    Jacobson is currently a project associate at MIG, a planning firm with headquarters in Berkeley, California.

    The other 2016 student paper award recipients were: Mercedes Sharpe Zayas of the University of Toronto; Madeleine Koch of the University of Manitoba; Elizabeth Hewitt of Stony Brook University; Chenghe Guan of Harvard University; and Ricardo Cardoso of the University of California at Berkeley.

    ACSP is a consortium of university-based programs that advances the quality of architectural education in the United States and abroad, administering annual awards to faculty and students who have distinguished themselves or made major contributions to the urban and regional planning profession.

    Student awards were presented at the ACSP annual conference in early November. 

    5:25p
    Foiling cyberattackers with rerandomization

    When it comes to protecting data from cyberattacks, information technology (IT) specialists who defend computer networks face attackers armed with some advantages. For one, while attackers need only find one vulnerability in a system to gain network access and disrupt, corrupt, or steal data, the IT personnel must constantly guard against and work to mitigate varied and myriad network intrusion attempts.

    The homogeneity and uniformity of software applications have traditionally created another advantage for cyber attackers. "Attackers can develop a single exploit against a software application and use it to compromise millions of instances of that application because all instances look alike internally," says Hamed Okhravi, a senior staff member in the Cyber Security and Information Sciences Division at MIT Lincoln Laboratory. To counter this problem, cybersecurity practitioners have implemented randomization techniques in operating systems. These techniques, notably address space layout randomization (ASLR), diversify the memory locations used by each instance of the application at the point at which the application is loaded into memory.

    In response to randomization approaches like ASLR, attackers developed information leakage attacks, also called memory disclosure attacks. Through these software assaults, attackers can make the application disclose how its internals have been randomized while the application is running. Attackers then adjust their exploits to the application's randomization and successfully hijack control of vulnerable programs. "The power of such attacks has ensured their prevalence in many modern exploit campaigns, including those network infiltrations in which an attacker remains undetected and continues to steal data in the network for a long time," explains Okhravi, who adds that methods for bypassing ASLR, which is currently deployed in most modern operating systems, and similar defenses can be readily found on the Internet.

    Okhravi and colleagues David Bigelow, Robert Rudd, James Landry, and William Streilein, and former staff member Thomas Hobson, have developed a unique randomization technique, timely address space randomization (TASR), to counter information leakage attacks that may thwart ASLR protections. "TASR is the first technology that mitigates an attacker's ability to leverage information leakage against ASLR, irrespective of the mechanism used to leak information," says Rudd.

    To disallow an information leakage attack, TASR immediately rerandomizes the memory's layout every time it observes an application processing an output and input pair. "Information may leak to the attacker on any given program output without anybody being able to detect it, but TASR ensures that the memory layout is rerandomized before the attacker has an opportunity to act on that stolen information, and hence denies them the opportunity to use it to bypass operating system defenses," says Bigelow. Because TASR's rerandomization is based upon application activity and not upon a set timing (say every so many minutes), an attacker cannot anticipate the interval during which the leaked information might be used to send an exploit to the application before randomization recurs.

    When TASR determines that the rerandomization must be performed, it pauses the running application, injects a randomizer component that performs the actual rewriting of code, then deletes the randomizer component from the application's memory, and resumes the application. This process protects the randomizer from infiltration. To change the memory layout of a running application without causing a crash, TASR updates all memory addresses stored in the application during rerandomization.

    TASR has several advantages over other randomization techniques. It protects against all existing types of information leaks for memory corruption attacks, regardless of the specific method of attack (e.g., viruses, email phishing, access via the Internet) or type of vulnerability (e.g., logic flaws, race conditions, buffer overflows). TASR is flexible: it is compatible with full standard C language, does not require additional hardware, and is backward-compatible with legacy systems. Finally, performance evaluations carried out by the research team showed that the fully automated TASR technique incurs a low execution overhead of only about 2.1 percent.

    The research team has published details on the development of the TASR technique and their assessments of its effectiveness in the Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. They are now pursuing opportunities to transition the technology into operational systems and have already taken some of the foundational concepts behind TASR and applied them to additional prototypes. They also plan to release portions of the TASR system under an open-source license. Researchers seeking more information on this technology may contact Okhravi.

    << Previous Day 2016/12/09
    [Calendar]     		Next Day >>

MIT Research News   About LJ.Rossia.org