New hacking technique imperceptibly changes memory of virtual servers
For the first time ever a team of Dutch hacking experts, led by cyber security professor Herbert Bos, managed to alter the memory of virtual machines in the cloud without a software bug, using a new attack technique.
With this technique an attacker can crack the keys of secured virtual machines or install malware without it being noticed. It’s a new deduplication-based attack in which data can not only be viewed and leaked, but also modified using a hardware glitch. By doing so the attacker can order the server to install malicious and unwanted software or allow logins by unauthorized persons.
Deduplication and Rowhammer bug
With the new attack technique Flip Feng Shui (FFS), an attacker rents a virtual machine on the same host as the victim. This can be done by renting many virtual machines until one of them lands next to the victim. A virtual machine in the cloud is often used to run applications, test new software, or run a website. There are public (for everyone), community (for a select group) and private (accessible to one organization) clouds. The attacker writes a memory page that he knows also exists in the victim to the vulnerable memory location and lets it deduplicate. As a result, the identical pages are merged into one in order to save space (the information is, after all, the same). That page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer. This can be done by triggering a hardware bug dubbed Rowhammer, which causes bits to flip from 0 to 1 or vice versa, to seek out the vulnerable memory cells and change them.
The researchers from the Vrije Universiteit Amsterdam, who worked together with a researcher from the Catholic University of Leuven, describe in their research two attacks on the operating systems Debian and Ubuntu. The first FFS attack gained access to the virtual machines by weakening OpenSSH public keys. The attacker did this by changing the victim’s public key by one bit. In the second attack, the settings of the software management application apt were adjusted by making minor changes to the URL from which apt downloads software. The server could then install malware that presents itself as a software update. The integrity check could be circumvented by making a small change to the public key that verifies the integrity of the apt-get software packages.
Debian, Ubuntu, OpenSSH and other companies included in the research were notified before the publication and all have responded. The National Cyber Security Centre (NCSC) of the Dutch government has issued a fact sheet containing information and advice on FFS.
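Both attacks leave the target file almost identical to its trusted copy: only a bit or two differs. The following added example (not from the researchers or the original article) shows a defender-side integrity check that compares a trusted baseline with the bytes read back and separates isolated bit flips from ordinary edits. The host name, the sample line and the `max_flips` threshold are constructed assumptions.

```python
from typing import List, Tuple

# Constructed sample: a trusted copy of an apt source line (hypothetical host).
BASELINE = b"deb http://archive.example.org/debian stable main\n"

# Constructed "observed" copy: the same bytes with the lowest bit of one byte
# inverted, standing in for what reading the file returns after a memory flip.
_obs = bytearray(BASELINE)
_obs[BASELINE.index(b"x")] ^= 0x01
OBSERVED = bytes(_obs)


def flipped_bits(baseline: bytes, observed: bytes) -> List[Tuple[int, int]]:
    """Return (byte_offset, bit_index) for every bit that differs."""
    if len(baseline) != len(observed):
        raise ValueError("length differs: not a pure bit flip")
    diffs = []
    for offset, (a, b) in enumerate(zip(baseline, observed)):
        delta = a ^ b  # set bits mark the positions that changed
        for bit in range(8):
            if delta & (1 << bit):
                diffs.append((offset, bit))
    return diffs


def classify(baseline: bytes, observed: bytes, max_flips: int = 2) -> str:
    """Return 'intact', 'bit-flip' (a few isolated bits differ) or 'modified'."""
    if len(baseline) != len(observed):
        return "modified"
    count = len(flipped_bits(baseline, observed))
    if count == 0:
        return "intact"
    # max_flips is an assumed threshold: a handful of differing bits in an
    # otherwise identical file points at memory corruption, not an edit.
    return "bit-flip" if count <= max_flips else "modified"


if __name__ == "__main__":
    print(classify(BASELINE, OBSERVED), flipped_bits(BASELINE, OBSERVED))
```

The same comparison applies to an authorized_keys entry or an apt keyring, provided the baseline is kept somewhere the co-hosted attacker cannot influence.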
VU is one of two large, publicly funded research universities in the city, the other being the University of Amsterdam (UvA).
The literal translation of the Dutch name Vrije Universiteit is “Free [as in liberated] University”. Both within and outside the University, the institution is commonly referred to as “the VU” (pronounced somewhat like ‘vew’ as in ‘new’). In English, therefore, the university uses the name “VU University”.
Though founded as a private, faith-based institution, VU has received government funding on a parity basis with public universities since 1970. Over the past decades, VU has transformed from a small, Protestant institution into a broad, research-intensive university attended by a wide variety of students of diverse backgrounds.
The university is located on a compact urban campus in the southern Buitenveldert neighbourhood of Amsterdam and adjacent to the modern Zuidas business district.
In 2012, VU had about 24,500 registered students, most of whom were full-time students. Measured in FTE, the university had 2,250 faculty members and researchers, who were supported by 1,500 administrative, clerical and technical employees. The university’s annual endowment for 2013 is around € 450 million. About three quarters of this endowment is government funding, the remainder is made up of tuition fees, research grants, and private funding.
The emblem of the university is the griffin. The position of its wings symbolizes the freedom in the university’s name: freedom from both state and church.
Microbiologists unravel relationship among plants, mycorrhizal fungi
An ancient, mutually beneficial relationship between plants and fungi could make agriculture more sustainable by reducing the need for chemical fertilizers, according to professor Heike Bücking of the South Dakota State University Department of Biology and Microbiology.
For more than 500 million years, the majority of land plants have shared their carbohydrates with arbuscular mycorrhizal fungi that colonize their root systems, Bücking explained. In exchange, these fungi provide plants with nitrogen and phosphorous, and improve the stress resistance of their host.
These fungi are seen as living fossils and explore the soil with their hyphae in search of nutrients, and deliver these nutrients to their host. As a reward, the host plant transfers anywhere from 4 to 20 percent of its photosynthetically fixed carbon to these mycorrhizal symbionts.
“We think these fungi have the potential to increase the biomass production of bioenergy crops and the yield of food crops and do so in a more sustainable and environmentally friendly way,” said Bücking. She studies these interactions in food and bioenergy crops including wheat, corn, soybeans, alfalfa, clover and perennial grasses, such as prairie cordgrass.
Her research has been supported by the National Science Foundation, South Dakota Wheat Commission, Sun Grant Initiative, Soybean Research and Promotion Council and the U.S. Department of Energy – Joint Genome Initiative.
Defining plant-fungi relationships
Supply and demand determine the amount of nutrients that plant and fungi exchange in this mutualistic relationship, according to Bücking. To unravel these complex interactions, she collaborates with researchers at the Vrije Universiteit in Amsterdam and the University of British Columbia as well as other South Dakota Agricultural Experiment Station researchers.
“Though a host plant is colonized by multiple fungi species simultaneously, the plant knows exactly where certain benefits are coming from. The host plant can distinguish between good and bad fungal behavior and allocates resources accordingly,” she said, noting that the host plant transfers anywhere from 4 to 20 percent of its photosynthetically fixed carbon to mycorrhizal fungi.
These fungi also form common mycorrhizal networks that give them access to multiple hosts. Her research showed that when host plants were shaded and thus decreased their carbohydrate allocation, fungi responded by reducing their nutrient share.
Optimizing fungi for specific crops
She and her collaborators have also found that some fungi are more beneficial than others. For example, Bücking and her collaborators evaluated the relationship between alfalfa and 31 different isolates of 10 arbuscular mycorrhizal fungal species.
They then classified the fungal isolates as high-, medium- or low-performance isolates. The researchers found that high-performance isolates increased the biomass and nutrient uptake of alfalfa by more than 170 percent, while the low-performance ones did not have any effect on growth.
However, those that benefit one crop may not provide the same nutrients or benefits to another crop species, she cautioned. “Even different isolates of one fungal species can behave differently, and it will be necessary to identify fungi that are optimally adapted to their specific environment and host plant to get the highest plant benefit.”
Adapting to stressors
In addition to providing nutrients, these fungi can protect food and bioenergy crops from environmental stresses, such as drought, salinity and heavy metals, and diseases, Bücking explained. “All the stresses that a plant can potentially be exposed to are generally improved by mycorrhizal interactions.”
Increasing tolerance through conventional breeding generally targets only one specific stress factor, but crops are often subjected to multiple stresses simultaneously, she pointed out. “These fungi, if used efficiently, can provide the plant with an improved resistance against stresses that are often difficult for us to predict.”
However, she added, more research is necessary to better understand how this ancient symbiosis between land plants and fungi can be used to its full potential.
Transdisciplinary artist and researcher Ivan Henriques collaborated with scientists from the Vrije Universiteit Amsterdam to create a prototype for an autonomous bio-machine that harvests energy from photosynthetic organisms like algae and uses this energy to search for more of these organisms.
The Symbiotic Machine targets organisms that are found in water bodies like ponds, canals, rivers and the sea. It creates a symbiotic system with its environment as it detects, collects, carries, and processes these organisms. The machine can clean the environment of its location by collecting these organisms for energy and can potentially be used in places with harmful algae bloom.
The machine prototype focuses on detecting a specific algae, Spirogyra, a genus of filamentous green algae. The structure is designed to float in the water among the algae and is transparent in order to catch sunlight at any angle. The machine also has a mouth that takes in and grinds the algae to break down the membrane cells and release micro particles, and a stomach where the energy is harvested. The Symbiotic Machine is programmed to eat, move, sunbathe, rest, search for food, wash itself, and do it all over again on loop.
Numerous other promising avenues exist for the fibre-top cantilever, such as minimally invasive surgery
Scientist Davide Iannuzzi and his team have developed a method to place novel miniaturised mechanical devices on the tips of optical fibres. The technology has many applications, such as providing a new generation of small, super sensitive sensors for research, medical, and industrial applications.
The team received support from the European Research Council (ERC) in the form of two grants. The first EU-funded project was called FTMEMS (‘Fibre-top micro-machined devices: ideas on the tip of a fibre’) and he secured the second one, called FTBATCH (‘Small, but many: scalability to volume production in fibre-top technology’), to demonstrate that the technology could be scaled up to market competitively.
Iannuzzi likens the round end of the optical fibre to a swimming pool and the ‘fibre-top cantilever’ to a diving board. Inspiration for the idea came to Iannuzzi, who is based at the Vrije Universiteit Amsterdam, while he was conducting experiments in fundamental physics. The usual approach of shining a laser beam onto a cantilever was unwieldy and was not always accurate.
“Commercial instruments were causing spurious effects,” recalls Iannuzzi. “After some searching around it struck me – why not fabricate the cantilever onto the end of an optical fibre?”
This innovative idea possesses a number of clear advantages. By combining the mechanical reliability of micro-electro mechanical systems (MEMS) with the precision of optical fibre interferometers, it is highly sensitive. In addition, its all-optical sensing and portable size means it can function in extreme conditions and be controlled remotely.
Without the backing of the ERC, Iannuzzi would have had a much harder time proving the commercial worthiness of his innovative ideas. ERC support helped the researcher to scale up the production processes and analyse the market potential of different applications.
One of the most promising uses of this technological breakthrough is as ultra-versatile, super-sensitive sensors. For example, fibre-top cantilevers can be used, without the need for bulky and expensive equipment, for atomic-force microscopy (AFM) to record, ‘like the stylus of a record player’, the surface of an object with a nano-scale resolution.
Numerous other promising avenues exist for the fibre-top cantilever, such as minimally invasive surgery. With all this potential at stake, Iannuzzi discovered that being in the lab was not enough and decided to take his idea to market.
Drawing on the Italian tradition of design excellence and small-scale innovation and the Dutch acumen for transforming ideas into profitable products, Iannuzzi established, in 2011, a start-up called Optics11.
“The company is going very well,” Iannuzzi says with evident pleasure. “We have three employees and we’re about to hire a fourth, on top of the two founders. We’re expanding our range of applications.”
In fact, the firm is pursuing a customer-driven approach to its patented technology. Through interactions with scientists and researchers in various fields, says Iannuzzi, Optics11 is able to identify exciting new ideas for applications.
In addition to benefiting society and providing the basis for new business and jobs, this also has a benevolent feedback effect. “This helps the academic perspective as well, by generating ideas for new research avenues. For example, after talking to neuroscientists, we are now exploring ways to apply the technology in the neurosciences,” he says.
Given the well-documented difficulty Europe experiences in translating research into innovation, fellow scientists may wonder how Iannuzzi finds combining a lab coat with a business suit, so to speak. “I find being an entrepreneur very interesting and very exciting. It’s very stimulating,” he enthuses.
What advice would this scientist-entrepreneur give other researchers wishing to take the leap into business?
“It requires a change of mindset. You have to know that this is not your field, so you have to be open to learning and getting the right help and advice,” he says. And this is exactly what Iannuzzi has done, seeking assistance from his university’s technology transfer office and teaming up with a professional entrepreneur to run the firm.
Iannuzzi has also become an unofficial adviser and mentor to fellow scientists at his university, helping them to consider the best way to bring their ideas to market.
While acknowledging the importance of innovation and commercialisation, Iannuzzi cautions against the dangers of overemphasising this aspect. “It is important that we give scientists the opportunity to try academic entrepreneurship,” he says. “However, it is wrong if everything is focused on that. Blue sky research is also necessary.”
“I don’t want to live in a world without philosophers,” he concludes.