Dr. Xuxian Jiang's team found a data stealing vulnerability in Android v2.3. More details can be found here including the next steps in response to the discovery.
 

Opus v0.1 has been released and is now ready for use by the public.  Download the 0.1 release here

What is Opus?

1. Opus is an Open Source Services Management Platform written in Python that runs on Django. It provides a framework to manage Django projects in an extremely secure, scalable way designed specifically for multi-tenant systems requiring web-app isolation. Our ultimate goal is for Opus to handle the deployment, scaling, migration, and security of web applications and services, giving applications the power to utilize cloud resources.
    
2. Opus is a community, providing a collection of services and applications which are easily deployed, managed, and configured on the core platform.  Browse the community site at opus.ncsu.edu

What Opus can do for your web services?

Have a web service or application written in Django? Django is a great web framework, but the administrator still has to do quite a bit of manual work. You must set up the project, configure the database, configure a web server, and set all the components up to work together. And after all that, it doesn't scale for you; as soon as you outgrow the single server setup, your workload has doubled. An administrator must manually configure each web node, manually deploy Django projects across them, manually configure a load balancer, etc.

The goal of Opus is to be an automation layer for all of these tasks. Web services deployed on top of Opus are automatically scaled when demand increases. New virtual machines are started and stopped as needed. It is aimed to be a hands free solution for scalable web applications or services.

How do I Get Involved?

• Download Opus 0.1 and try it
• Join the Opus mailing list
• Browse the documentation
• Browse the source code

Wednesday 7/21/2010
Room 3211, Engineering Building II, NC State University
Plenary
9:00

• Welcome & Introduction - Dennis Kekas
• SOSI Management Overview - Dennis Kekas
• Overview of ITng - Wayne Clark
• SOSI Year 2 Technical Overview - Dr. Peng Ning

Security of cloud computing infrastructure
9:30 - HyperSafe: Enabling Hypervisor Self-Protection from Code-Injection Attacks - Dr. Xuxian Jiang
9:45 - Assuring Runtime Service Integrity in Cloud Systems - Dr. Xiaohui "Helen" Gu
10:00 - Flow Isolation in Optical Networks - Dr. George Rouskas
10:15 - HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity - Dr. Peng Ning
10:30 -- 10:45 Break
Open source software security
10:45 - Automatic Security Testing and Monitoring for Software Applications - Suresh Thummalapenta (On behalf of Dr. Tao Xie)
11:00 - Investigating the Relationship between Developer Collaboration and Software Security - Andy Meneely (On behalf of Dr. Laurie Williams)
11:15 - Towards a Software Reliability Engineering View of Open Source Software Security - Prasanth Anbalagan (On behalf of Dr. Mladen Vouk)
Security of service oriented computing
11:30 - Trustworthy Service Selection Based on Adaptive Exploration - Dr. Munindar Singh
11:45 - A Policy Reasoning Tool for Composite Services - Dr. Ting Yu
12:00 -- 1:00pm Lunch Break
Wireless Security
1:00 - CentMesh -- The Centennial Wireless Mesh Network Testbed - Dr. Mihail Sichitiu
1:15 - Jamming-Resistant Broadcast Using Frequency Hopping in Multihop Networks - Dr. Huaiyu Dai
1:30 - A Routing Layer Approach to Jamming Effect Mitigation in Multihop Wireless Networks - Umang Patel (On behalf of Dr. Rudra Dutta)
1:45 - An Intelligence Sharing Framework for Socialized Mobile Networks - Seongro Yoon (On behalf of Dr. Injong Rhee)
Security in emerging open systems
2:00 - Assessment of Security Functionality in Power Grid Systems - Zhuo Lu (On behalf of Dr. Wenye Wang)
2:15 - Defending Against Sybil Nodes in File-Sharing Systems - Jung Ki So (On behalf of Dr. Douglas Reeves)
2:30 - Identifying Data Attacks in CPS Real-Time Systems - Chris Zimmer (On behalf of Dr. Frank Mueller)
Testbed
2:45 - VCL testbed and wireless mesh testbed - John Bass
3:00 -- 3:15 Break
Wrap-up
3:15

• Second Year Successful Outcomes - Dennis Kekas
• Plan for Year 3 Activities - Dr. Peng Ning

3:30 General Discussion
4:00 Adjourn

ITng participated in Open Source Panel with Google and Red Hat to discuss the evolution and growth of open source technologies.  The panel occurred at WWW 2010 in the Raleigh downtown convention center, was chaired by Red Hat Vice President for Corporate Affairs, Tom Rabon, and included the following individuals:

• Brian Bouterse - Research Associate, ITng
• Chris DiBona - Open Source and Public Programs Manager, Google
• Paul Jones - Director of iBiblio

The panel began by looking back at how far open source has come; panelists shared anecdotal experiences with some of the first open source technologies including HTTP and the internet.  Jones relayed his story of when Tim-Berners Lee visited Paul Jones at Chapel Hill to install the first installation of HTTP code running in North America.  See the video of this story here.
 
Intellectual property law and governance was also discussed heavily, with the entire panel recognizing that strong intellectual property laws will catalyze opens source and open technologies.  It was noted that this is especially true in developing nations where weak intellectual property law enforcement can hinder the adoption of open technologies when there is little or no enforced penalty for stealing proprietary software.
 
The relationship between proprietary and open technologies was also discussed from multiple perspectives.  Chris DiBona considers the ability to have the source code that supports your business is worth something additional, possibly a lot or a little depending on the situation.  Bouterse additionally argued that proprietary technologies tend to innovate and be brought to market quicker, while open source communities tend to commoditize existing technologies.  See the video of this section here.

Dr. Xuxian Jiang and his graduate student Zhi Wang made a quite a splash after presenting their findings on 'HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow' at the IEEE Symposium on Security and Privacy on May 18, 2010. A list of press articles can be found here. Securing the hypervisor is a fundamental need for creating trust in virtualized computing systems. You can follow Dr. Jiang's work here.

The Institute for Next Generation IT Systems (ITng) will celebrate it's creation with a launch event wednesday April 21 through thursday April 22, 2010.

The event will include presentations on the structure of ITng and how it connects to NCSU, progress reports on active projects, workshops for each of ITng's focus areas (IT Security, Healthcare IT, Energy IT, and Education IT), and the 2010 Free and Open Source Software Fair.

The event will be held in Engineering Building 2 on NCSU's Centennial Campus.

• An agenda is listed here.
• Please register here.