Self-Motivation
David Goggins
Former Navy Seal
Career Development
Bryan Cranston
Actor
Critical Thinking
Liv Boeree
International Poker Champion
Emotional Intelligence
Amaryllis Fox
Former CIA Clandestine Operative
Management
Chris Hadfield
Retired Canadian Astronaut & Author
Learn
from the world's big
thinkers
Start Learning

Is there anything hackers can't hack? Now there is, thanks to a new way of coding.

Thanks to the beauty (and rigor) of formal mathematics, coders can now create hack-proof technology.

Kathleen Fisher: HACMS is a program at DARPA that ran for four-and-a-half years that was focused on using techniques from what is called the 'formal methods community', so techniques based on math more or less, to produce software for vehicles that came with proofs that the software had certain desirable properties; that parts of it were functionally correct, that there were no certain kinds of bugs in the software. And the consequence of those proofs is that the system is much harder to hack into.

So the formal methods community has been promising for, like, 50 years that they could produce software that provably didn’t have certain kind of vulnerabilities. And for more or less 50 years they have failed to deliver on that promise. Yes, they could produce proofs of correctness for code but for ten lines of code or 100 lines of code—not enough code to make a difference for any kind of practical purpose.

But recently there have been advances in a bunch of different research areas that have changed that equation, and so now formal methods researchers can prove important properties about code bases that are 10,000 or 100,000 lines of code. And that’s still small potatoes compared to the size of Microsoft Windows or the size of Linux which are millions, hundreds of millions of lines of code. But when you start to get to 10,000 or 100,000 lines of code there are really interesting software artifacts that fit in that size. Things like compilers and microkernels, and you can leverage those kinds of exquisite artifacts to build much more complex software systems where only a small part of the system has to be verified to be functionally correct, and then you can have lots of software running on top of it that doesn’t have that same level of assurance associated with it but that you can prove: it doesn’t matter what it does, it’s not going to affect the operation of the overall system. So, for example, HACMS researchers used the high-assurance code and put it on a Boeing Unmanned Little Bird which is a helicopter that can fly completely autonomously or it can fly with two pilots. And this helicopter has two computers on it: one is the mission control computer that controls things like 'fly over there and take a picture' or 'fly over there and take a picture', and communicate to the ground station or the operator who’s telling the helicopter what to do.

It also has a flight control computer that controls things like altitude hold and stability, sort of the mechanics of flying the helicopter at any given time period. So the researchers put seL4 microkernel, which is a verified microkernel guaranteed to be functionally correct, on the mission control computer, and they used it to create different software partitions. So one of those partitions was responsible for communicating with the ground station. Another one of those partitions was responsible for operating the camera that the helicopter had. The researchers verified that the code in the 'communicate with the ground station' was functionally correct and isolated from the software in the 'control the camera' part. So the camera part was all the legacy software that had previously been on the helicopter to control camera operation.

They allowed the red team to additionally put—the red team is a group of people who are charged with trying to take over control of the helicopter against the wishes of the legitimate operator—so they’re trying to hack in, take over control, disrupt the operation of the helicopter. So in this setting, the red team was allowed to have root access, so unfettered access within the camera partition, and was charged with: break out of this, take over control of the rest of the helicopter, disrupt the operation of the helicopter in any way, corrupt the messages to the ground station—basically interfere in any way you can with the legitimate operation of this helicopter. The red team had full access to the source code. They understood all the design documents. They knew as much about the system as you could reasonably expect to know.

And after six weeks they were not able to break out. They were not able to disrupt the operation of the copter at all. All they could do was they could fork-bomb themselves. They could basically crash their own process but the rest of the helicopter would then notice that that process was crashed and restart it again, restoring the operation of the camera. So that’s an example of where you could use the formal methods-based techniques to create this kind of thin level at the bottom, which was the seL4 microkernel, and then leverage that to produce the full functionality of the helicopter. The camera functionality might come and go as hackers break in or don’t break in but you’re guaranteed that the helicopter will be still able to communicate to the ground station and fly appropriately.

Hackers thrive on human error, but a new method of coding is ending that. Recent developments by the HACMS (High-Assurance Cyber Military Systems) program at DARPA has allowed computer scientists to use mathematical proofs to verify that code—up to 100,000 lines of it at a time—is functionally correct and free of bugs. Kathleen Fisher, professor of computer science and former program manager at DARPA, explains how this allows coders to build a thin base of hyper-secure code that is verified to be functionally correct, "and then you can have lots of software running on top of it that doesn’t have that same level of assurance associated with it but that you can prove: it doesn’t matter what it does, it’s not going to affect the operation of the overall system." To illustrate this technology in the real world, Fisher tells the story of how this new method of coding defended a Boeing Little Bird helicopter from a "red team" of hackers charged with causing havoc in the system and bringing that baby down. So is there anything hackers can't hack? Now there is, thanks to the beauty (and rigor) of formal mathematics.


A new hydrogel might be strong enough for knee replacements

Duke University researchers might have solved a half-century old problem.

Photo by Alexander Hassenstein/Getty Images
Technology & Innovation
  • Duke University researchers created a hydrogel that appears to be as strong and flexible as human cartilage.
  • The blend of three polymers provides enough flexibility and durability to mimic the knee.
  • The next step is to test this hydrogel in sheep; human use can take at least three years.
Keep reading Show less

Predicting PTSD symptoms becomes possible with a new test

An algorithm may allow doctors to assess PTSD candidates for early intervention after traumatic ER visits.

Image source: camillo jimenez/Unsplash
Technology & Innovation
  • 10-15% of people visiting emergency rooms eventually develop symptoms of long-lasting PTSD.
  • Early treatment is available but there's been no way to tell who needs it.
  • Using clinical data already being collected, machine learning can identify who's at risk.

The psychological scars a traumatic experience can leave behind may have a more profound effect on a person than the original traumatic experience. Long after an acute emergency is resolved, victims of post-traumatic stress disorder (PTSD) continue to suffer its consequences.

In the U.S. some 30 million patients are annually treated in emergency departments (EDs) for a range of traumatic injuries. Add to that urgent admissions to the ED with the onset of COVID-19 symptoms. Health experts predict that some 10 percent to 15 percent of these people will develop long-lasting PTSD within a year of the initial incident. While there are interventions that can help individuals avoid PTSD, there's been no reliable way to identify those most likely to need it.

That may now have changed. A multi-disciplinary team of researchers has developed a method for predicting who is most likely to develop PTSD after a traumatic emergency-room experience. Their study is published in the journal Nature Medicine.

70 data points and machine learning

nurse wrapping patient's arm

Image source: Creators Collective/Unsplash

Study lead author Katharina Schultebraucks of Columbia University's Department Vagelos College of Physicians and Surgeons says:

"For many trauma patients, the ED visit is often their sole contact with the health care system. The time immediately after a traumatic injury is a critical window for identifying people at risk for PTSD and arranging appropriate follow-up treatment. The earlier we can treat those at risk, the better the likely outcomes."

The new PTSD test uses machine learning and 70 clinical data points plus a clinical stress-level assessment to develop a PTSD score for an individual that identifies their risk of acquiring the condition.

Among the 70 data points are stress hormone levels, inflammatory signals, high blood pressure, and an anxiety-level assessment. Says Schultebraucks, "We selected measures that are routinely collected in the ED and logged in the electronic medical record, plus answers to a few short questions about the psychological stress response. The idea was to create a tool that would be universally available and would add little burden to ED personnel."

Researchers used data from adult trauma survivors in Atlanta, Georgia (377 individuals) and New York City (221 individuals) to test their system.

Of this cohort, 90 percent of those predicted to be at high risk developed long-lasting PTSD symptoms within a year of the initial traumatic event — just 5 percent of people who never developed PTSD symptoms had been erroneously identified as being at risk.

On the other side of the coin, 29 percent of individuals were 'false negatives," tagged by the algorithm as not being at risk of PTSD, but then developing symptoms.

Going forward

person leaning their head on another's shoulder

Image source: Külli Kittus/Unsplash

Schultebraucks looks forward to more testing as the researchers continue to refine their algorithm and to instill confidence in the approach among ED clinicians: "Because previous models for predicting PTSD risk have not been validated in independent samples like our model, they haven't been adopted in clinical practice." She expects that, "Testing and validation of our model in larger samples will be necessary for the algorithm to be ready-to-use in the general population."

"Currently only 7% of level-1 trauma centers routinely screen for PTSD," notes Schultebraucks. "We hope that the algorithm will provide ED clinicians with a rapid, automatic readout that they could use for discharge planning and the prevention of PTSD." She envisions the algorithm being implemented in the future as a feature of electronic medical records.

The researchers also plan to test their algorithm at predicting PTSD in people whose traumatic experiences come in the form of health events such as heart attacks and strokes, as opposed to visits to the emergency department.

Hints of the 4th dimension have been detected by physicists

What would it be like to experience the 4th dimension?

Two different experiments show hints of a 4th spatial dimension. Credit: Zilberberg Group / ETH Zürich
Technology & Innovation

Physicists have understood at least theoretically, that there may be higher dimensions, besides our normal three. The first clue came in 1905 when Einstein developed his theory of special relativity. Of course, by dimensions we’re talking about length, width, and height. Generally speaking, when we talk about a fourth dimension, it’s considered space-time. But here, physicists mean a spatial dimension beyond the normal three, not a parallel universe, as such dimensions are mistaken for in popular sci-fi shows.

Keep reading Show less

How often do vaccine trials hit paydirt?

Vaccines find more success in development than any other kind of drug, but have been relatively neglected in recent decades.

Pedro Vilela/Getty Images
Surprising Science

Vaccines are more likely to get through clinical trials than any other type of drug — but have been given relatively little pharmaceutical industry support during the last two decades, according to a new study by MIT scholars.

Keep reading Show less
Quantcast