Nayar, the T.C. Chang Professorof Computer Science, came up with a prototype as sleekas an iPod and as tactile as aLego set: the Bigshot digitalcamera. It comes as a kit,allowing children as young aseight to assemble a device as sophisticated as the kindgrown-ups use—with a flash and standard, 3-D andpanoramic lenses—only cooler.Its color palette is inspired byM&Ms, a hand crank providespower even when there are no batteries and a transparentback panel shows the camera’sinner workings.

Nayar also worked with agroup of engineering students,led by Guru Krishnan, An Tranand Brian Smith, to create awebsite, bigshotcamera.org,that walks children, teachersand parents through the

assembly process. Eventually, itwill serve as a kind of Flickr forkids, with young photographersfrom around the world sharingtheir pictures. “The idea herewas not to create a device thatwas an inexpensive toy,” saysNayar. “The idea was to createsomething that could be usedas a platform for educationacross many societies.”

Nayar, chair of the ColumbiaUniversity Computer ScienceDepartment, worked on Bigshotfor two years. The project is an extension of his work as director of the ComputerScience Department’sComputer Vision Lab, wherehe has expertise in highly sensitive cameras. Among hisinventions is the Omnicam, a video camera that shootsseamless 360-degree images,and a technology—recently

Columbia University in the City of New YorkDepartment of Computer Science1214 Amsterdam AvenueMailcode: 0401New York, NY 10027-7003

ADDRESS SERVICE REQUESTED

NEWSLETTER OF THE DEPARTMENT OF COMPUTER SCIENCE AT COLUMBIA UNIVERSITY WWW.CS.COLUMBIA.EDU

NON-PROFIT ORG.

U.S. POSTAGE

PAID

NEW YORK, NY

PERMIT 3593

CUCS Resources

You can subscribe to the CUCS news mailing list at http://lists.cs.columbia.edu/mailman/listinfo/cucs-news

CUCS colloquium information is available at http://www.cs.columbia.edu/lectures

Read the CUCS Newsletter online athttp://www.cs.columbia.edu/resources/newsletters

CS@CU SPRING 2010 1

NEWSLETTER OF THE DEPARTMENT OF COMPUTER SCIENCE AT COLUMBIA UNIVERSITY VOL.6 NO.2 SPRING 2010

Stay in Touch!Visit the CUCS Alumni Portal athttps://mice.cs.columbia.edu/alum to:

• Update your contact information

• Look at recent job postings

• Get departmental news

If you know another alumni who may not bereceiving the newsletter, please forward theAlumni Portal link to them.

In the spirit of environmental responsibility, we are moving towards more electronic (andless hard-copy) distribution of the newsletter.

If you’d like to continue receiving paper

copies of the newsletter, please visit the

Alumni Portal to sign up.

Professor Shree Nayar’sLittle Camera is a Big Ideafor Children Around the World

Professor Shree Nayar has dedicated much of his computerscience career to improving theway cameras take pictures. Fouryears ago, he decided to move in a new direction: to design acamera that could improve theway children learn about scienceand one another. T. C. Chang Professor

of Computer ScienceShree Nayar

Young photographers at work on their Bigshot camera

Their administrative interfacesare viewable from anywhere onthe internet and their ownershave failed to change the man-ufacturer’s default password.

Linksys routers had the highestpercent of vulnerable devicesfound in the United States—45 percent of 2,729 routersthat were publicly accessiblestill had a default password in place. Polycom VoIP unitscame in second, with defaultpasswords lingering on about29 percent of 585 devicesaccessible over the internet.

“You can reflash the firmwareor install any software youwish on vulnerable devices,”said Salvatore Stolfo, aColumbia University computerscience professor who is over-seeing the research projectaimed at uncovering vulnerableappliances on the internet.“These devices will be ownedand used by bot herders andother miscreants.”

Hackers can use vulnerablerouters to conduct click fraudor DNS cache poisoning

attacks or to launch attacks onother systems. (See Wired’srecent Threat Level story aboutvulnerable routers used byTime Warner customers.)Someone with remote accessto the administrative interfaceof a VoIP system would alsobe able to install firmware torecord conversations.

The research project, devisedby Columbia University gradstudent Ang Cui at the univer-sity’s Intrusion DetectionSystems Laboratory, involvesscanning networks belongingto the largest internet serviceproviders in North America,Europe and Asia. The lab issponsored by the DefenseAdvance Research ProjectsAgency (Darpa), the Departmentof Homeland Security andother federal agencies.

“Vulnerable devices can befound in significant numbers inall parts of the world coveredby our scan,” the researcherswrote in a summary of theirinitial findings presented at a symposium in June.“Thedouble digit vulnerability ratessuggest that a large botnet canbe created by constituting onlyembedded network devices.”

Since initiating the project last December, the IntrusionDetection researchers havescanned 130 million IP addressesand found nearly 300,000devices whose administrative

interfaces were remotely accessible from anywhere on the internet. The 21,000 deviceswith default passwords are themost vulnerable, but the rest are theoretically vulnerable to brute-force password-cracking attacks,Stolfo said. Extrapolating fromthe numbers they’ve gathered,the researchers estimate that 6million vulnerable devices arelikely connected to the internet.

The group has so far focused onresidential routers and devicesbut is now looking at scanningmore sensitive networks tosearch for vulnerable devicesinside large corporations andgovernment networks.

“People tend to buy stuff andbring them to work and justplug them in,” Stolfo said.“Sowe think we’ll be able to findvulnerable devices in highlysensitive places.”

The researchers didn’t attemptto explore the administrativeinterfaces or tamper with thedevices they found, so theybelieve their work isn’t illegal.

“The scan script sends the public password for the product,and if the device respondswith the ‘command prompt’for that product interface, then the machine is obviouslyopen,” Stolfo said.“We do notaccess the machine. We breakthe connection at that pointand move on.”

ISPs can easily detect thescanning, and the researchersembedded a URL in their probesfor a webpage explaining theproject that gives networkproviders a chance to opt out.Stolfo says a couple of univer-sities, a security company and

government agency have sofar asked to be exempt fromthe scan.

The researchers have providedISPs with their findings in thehope that they will do somethingto protect vulnerable customers.

“It’s not clear how an ISPis going to do a generalannouncement, but we hopethere will be some way tocommunicate to the homeuser in particular about whatthey have to do to reconfiguretheir device,” Stolfo said.

But Stolfo says product makersare the real culprits and need tohide their administrative inter-faces by default and provideclear instructions for users whowant to alter that configuration.Vendors should also be moreforceful in communicating tousers that default passwordsneed to be changed to robustalphanumeric passwords thatinclude special characters tothwart brute force attacks.

“This is not a password you’regoing to need every day, sosetting a very hard passwordand recording it at home on apiece of paper is probably asafe thing to do,” Stolfo says.

The group plans to run the scanfor a few more months, thenwait before re-running it to see ifthe number of vulnerable deviceshas fallen after they’ve notifiedISPs about the vulnerabilities.

developed in collaboration withSony—that extends the rangeof brightness and color thatcameras can capture.

But, as the father of two youngchildren, he wanted to have animpact beyond the high-techsector on a humanitarian level.He was inspired by the 2005Oscar-winning documentaryBorn Into Brothels, whichdepicts the lives of childrengrowing up in Calcutta’s red-light district. The filmmaker,British photographer Zana Briski,gave 35 mm film cameras toeight children and watched asthose cameras transformedtheir lives.

“The film reaffirmed somethingI’ve believed for a long time,which is that the camera, as apiece of technology, has a veryspecial place in society,” saysNayar, who grew up in NewDelhi.“It allows us to expressourselves and to communicatewith each other in a very powerful way.”

With the Bigshot, Nayar wantsto not only empower childrenand encourage their creativevision, but also get them excitedabout science. Each buildingblock of the camera is designedto teach a basic concept ofphysics: why light bends whenit passes through a transparentobject, how mechanical energyis converted into electricalenergy, how a gear train works.

Nayar would like to roll out thecamera, now in prototype form,along the lines of the OneLaptop Per Child campaign: Foreach one sold at the full priceof around $100, several wouldbe donated to underprivilegedschools in the United Statesand abroad. He will soon beginlooking for a partner—a com-pany or nonprofit—to help putBigshot into production.

In the meantime, Nayar,Krishnan, Tran and Smith havebeen field-testing the camerawith children around the world.Over the summer, Krishnanand Tran took several Bigshotprototypes to their hometowns:Bangalore, India, and Vung Tau,Vietnam, respectively. Nayaralso brought the camera totwo New York City Schools,the private School at Columbiaand Mott Hall in Harlem.

Each spent a morning teachingseveral small groups of childrenhow to assemble the cameras;after lunch, their charges went out to take pictures. Theresponse from the kids was oneof overwhelming enthusiasm.“They were ready to buy thecamera then and there,” saysKrishnan.“One offered me10,000 rupees ($200).” Moreimportantly, tests that Nayarand his team gave out two dayslater showed that the studentshad retained the science concepts that Bigshot wasexpected to teach.

For Nayar, the best part of thisexperience has been looking atthe pictures.“I am addicted tothe pictures; I can’t get enoughof them,” he says.“The factthat some of the kids wereusing a camera for the firsttime, and they were able toframe what they thought wasimportant and capture thatmoment so beautifully, wasreally remarkable.”

It’s an experience he hopes tobring to many more children,locally and globally.

2 CS@CU SPRING 2010

Cover Story (continued)

CS@CU SPRING 2010 3

T. C. Chang Professor Shree Nayar with his Bigshot digital camera

This article by Anna Kuchmentappeared in the November 4, 2009issue of the Columbia Recordand is reprinted with permission.

Featured Articles

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIPproducts open to remote attack.

©2009 Condé Nast Publications. All rights reserved. Originally published in Wired.com.Reprinted by permission.

Scan of Internet UncoversThousands of VulnerableEmbedded Devices

Professor Sal Stolfo

Ph.D. student Ang Cui

Linksys Router Vulnerability Rate

4 CS@CU SPRING 2010 CS@CU SPRING 2010 5

Featured Articles (continued)

people with legitimate accesswho behave in ways that put our data, our systems, our organizations, and evenour businesses’ viability at risk. Such behavior might not be malicious; it might bewell-intended but still haveunwelcome consequences.

Considerable research has beendone to examine the nature ofinappropriate insider activity,with the goal that eventuallyorganizations can reduce thethreat. Beginning in 1999,RAND conducted a series ofworkshops to generate aresearch agenda for addressingthis problem.l-3 In parallel, theUS Department of Defense(DoD) outlined a set of policychanges and research directionsfor reducing the insider threat.4

And the Software EngineeringInstitute’s Computer EmergencyResponse Team (CERT) hasbeen working with the USSecret Service to understand

convicted insiders’ motivations.5From these and other efforts, a rich literature illuminating various aspects of the insiderthreat problem is emerging.

The Scope of the Insider ThreatBut how real is the insiderthreat? Many recent anecdotesabout cybercrime suggest thatoften the threat to an organiza-tion’s computer-based assets isgreater from those within theorganization than from without.In a 2007 Computer SecurityInstitute survey about computercrime and security6, 59 percentof respondents thought they hadexperienced insider abuse ofnetwork resources. About one infour respondents said that morethan 40 percent of their totalfinancial losses from cyber attackwere due to insider activities.However, the 2008 survey hadsignificantly different results:As noted in last year’s report, a greatdeal is made of the insider threat, particularly by vendors selling solutionsto stop insider security infractions. It’scertainly true that some insiders areparticularly well-placed to do enormousdamage to an organization, but this survey’s respondents seem to indicatethat talk of the prevalence of insidercriminals may be overblown. On theother hand, we’re speaking here offinancial losses to the organization, and in many cases significant insidercrimes, such as leaking customer data,may not be detected by the victimizedorganization and no direct costs maybe associated with the theft.7

Credible data describing thescope and impact of unwelcomeinsider actions are hard to comeby, for two reasons. First, manyorganizations are loathe toreveal the nature and magnitudeof the cyber incidents they’veexperienced for fear of reputa-tional harm. Second, most cyber surveys are conveniencesurveys; it’s impossible to knowwhat population the results represent. This paucity of data is challenging for insider threatresearchers, who need gooddata with which to build models,make predictions, and supportgood decision-making. The large-scale, carefully sampled NationalComputer Security Survey8 sug-gests that the threat is real andthe consequences significant:

• Forty percent of all incidentsreported by the 7,818respondents (representing36,000 US businesses) wereattributed to insiders.

• Seventy-four percent of allcyber theft was attributed to insiders, including 93 percent of embezzlementincidents and 84 percent ofintellectual property thefts.

For the past few years, theInstitute for InformationInfrastructure Protection (I3P)at Dartmouth College (withfunds from the US Departmentof Homeland Security) has sup-ported a project exploring waysto understand and address theinsider threat. With researchersat Columbia University, Cornell

University, Dartmouth College,MITRE, Indiana University,Purdue University, and RAND,we’ve examined not only howtechnology can reveal thethreat’s nature and magnitude,but also how it’s influenced bythe environment in which theinsiders operate. The overallgoal is to suggest appropriateresponses to the insider threat;after all, the response to aninsider accidentally selectingthe wrong menu entry shouldbe different from the responseto an ex-employee trying toexact revenge.

In our project’s early days, itbecame clear that many ideasexist about what “insider”means and what unwelcomebehavior constitutes an “insiderthreat.” For example, insidersare more than just employeesor ex-employees—they can bebusiness partners, auditors,consultants, or other peopleand systems who receiveshort- or long-term access to anorganization’s systems. Withouta unifying framework, we havedifficulty recognizing emerginginsider problems, comparingincidents, or dealing with themappropriately. For this reason,Joel Predd, Shari LawrencePfleeger, Jeffrey Hunker andCarla Bulford9 developed a taxonomy of insiders and theiractions, which Figure 1 shows.The taxonomy doesn’t pre-scribe a uniform definition;rather, it provides a consistent

As users, managers,researchers, or administrators, we often worry about outsiders attacking oursystems and networks,breaking through theperimeter defenses wehave established to keepout bad actors. But wemust also worry aboutthe insider threat—

Addressing the Insider Threat

by Shari Lawrence Pfleeger

(RAND Corporation)

and Salvatore J. Stolfo

(Columbia University)

Professor Sal Stolfo

vocabulary for describing clearlywhich aspects of the insiderthreat problem the researchand practice address. It also provides the basis for discussing, comparing, andcontrasting the various possibleresponses to different kinds of insider behaviors. The frame-work takes into account theroles of the organization, theindividual, the IT system, andthe environment in enablingunwelcome behavior.

Because not all insiders arealike, we must distinguishamong the different types ofinsider threat, differentiateproblems we can address fromthose we can’t, and determinethe roles technology and policyplay in crafting responses.Policy is a particularly thornyissue because the stated policy(called the de jure policy in the taxonomy) isn’t always thesame as its interpretation andenforcement (the de factopolicy). For example, mostorganizations forbid the use of their computer systems for personal use: the de jurepolicy. But in actuality, mostorganizations look the otherway for some personal uses:the de facto policy. Sometimes,the de facto policy is strongerthan the de jure, as when asecurity guard challenges aworker in the office at 2 a.m.,even though the worker iswearing a proper badge.

The goal of much insider threatresearch is to make more effec-tive the prevention, detection,mitigation, remediation, andpunishment of unwelcomeaction by the people and systems that have legitimateaccess to our networks. It’s notenough to expect technologyto prevent insider misdeeds.Instead, we need a multifacetedset of strategies that addressall elements of the taxonomy:the organization (including itsculture and goals), the system(including the completenessand correctness of its imple-mentation of de jure policy and its ability to learn de factobehavior), the environment(including legal restrictions on monitoring and analysis),and the individual (includingmotivation and intent). Table 1illustrates how the taxonomy,coupled with goals of preven-tion, detection, mitigation,remediation, and punishment,can suggest sensible andeffective response options.

As technologists, we often hopeto use our skills to monitorbehavior and predict the newthreats our systems will face.But the dynamic threat environ-ment, coupled with continuingtechnological advancement,make it impossible to predictwith certainty what our systemswill look like and what featuresand functions they’ll provide.That same uncertainty makes itdifficult to predict what insiders

will do and when and howthey’ll do it. However, the substantial literature on “work-place deviance”10 tells us withcertainty that insiders will continue to behave badly, usingour computer systems as ameans or as a target. Thus,insider threat detection and mitigation will continue to be avexing and persistent security—and very human—problem.

AcknowledgmentsThis material is based on work supportedby the US Department of HomelandSecurity under grant award numbers 2006-CS-001-00000 and 2006-CS-001-000001-02and the Army Research Office under grantARO DA W911NF-06-10151. The views andconclusions contained in this document are those of the authors and should not be interpreted as necessarily representingthe official policies, either expressed orimplied, of the US Department of HomelandSecurity or the Army Research Office.

References1. R.H. Anderson, Research and

Development Initiatives Focused onPreventing, Detecting, and Respondingto Insider Misuse of Critical DefenseInformation Systems: Results of aThree-Day Workshop, research reportRAND CF-151-OSD, RAND Corp., 1999.

2. R.H. Anderson et al., Research onMitigating the Insider Threat toInformation Systems #2, Proc. WorkshopHeld August 2000, research report RANDCF-163-DARPA, RAND Corp., 2000.

3. R.C Brackney and R.H. Anderson,Understanding the Insider Threat:Proceedings of a March 2004Workshop, research report RAND CF-196-ARDA, RAND Corp., 2004.

4. Final Report of the Insider ThreatIntegrated Process Team, Office of the Assistant Secretary of Defense(Command, Control, Communications,and Intelligence), US Dept. Defense, 24 Apr. 2000.

5. M. Keeney et al., “Insider Threat Study:Computer System Sabotage in CriticalInfrastructure Sectors,” US SecretService and CERT CoordinationCenter/SEI, May 2005.

6. R. Richardson, “2007 Computer Crimeand Security Survey,” ComputerSecurity Inst., 2007, pp. 12-13, 15;http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pdf.

7. R. Richardson, “2008 CSI ComputerCrime and Security Survey,” ComputerSecurity Inst., 2008; www.gocsi.com/forms/csi_survey.jhtml.

8. R. Rantala, Cybercrime againstBusinesses, 2005, special reportNCJ221943, US Bureau of JusticeStatistics, Sept. 2008; www.ojp.usdoj.gov/bjs/pub/pdf/cb05.pdf.

9. J. Predd et al., “Insiders BehavingBadly,” IEEE Security and Privacy, vol. 6, no. 4, 2008, pp. 66-70.

10. S.L. Robinson and J. Greenberg,“Employees Behaving Badly: Dimensions,Determinants, and Dilemmas in theStudy of Workplace Deviance,” Trendsin Organizational Behavior, C.L. Cooper,and D.M. Rousseau eds., vol. 5, Wiley,1998, pp. 1-30.

Figure 1. Framework for taxonomy of insiders and their actions. This taxonomy provides a consistent vocabulary for describing which aspects of the insider threat are beingaddressed, and takes into account the roles of organizations, individuals, IT systems, and the environment in enabling insider threat behavior.9

Table 1. Applying a framework for responding to insider threats.

The system(embedded policy)

The environment(laws, economics, ethics)

The organization(expressed policy)

The individuals(perceived policy and intent)

DETECTION PREVENTION MITIGATION PUNISHMENT REMEDIATION

ORGANIZATION: Create organizational Update related policies Update related policiesNO EXPRESSED POLICY policy

SYSTEM: Embedded decoys; Embed organizational NO EMBEDDED POLICY watchful monitoring policy

INDIVIDUAL: User training, incentives, NO MALICIOUS INTENT reminders, access control

ENVIRONMENT: Remind users of legal Apply legal punishmentsLAW, ETHICS APPLY implications of their actions

and of costs to organization

This article is excerpted from theGuest Editor’s Introduction of theNovember/December 2009 IEEESecurity and Privacy Magazine’sSpecial Issue on Insider Threats,and is reprinted with permission of the magazine. For the full articlesee http://www.computer.org/portal/web/security/home

6 CS@CU SPRING 2010 CS@CU SPRING 2010 7

Featured Lectures

2009-10DistinguishedLecture Series The Computer Science Department enjoyedanother successful Distinguished LectureSeries during the 2009-10 academic year. Thisyearly series brings world-renowned scientistsand pioneers in academia and industry fromacross the country to Columbia's campus.

These distinguished speakers give talks about theirresearch, field questions from the audience, and meetwith faculty and students. The lectures are open to the public, and videos of all talks are available at theComputer Science department website (http://www.cs.columbia.edu/lectures). The Distinguished LectureSeries ensures that members of the department and the community at large see first-hand the latest andgreatest computer science research emerging outsidethe Columbia campus.

This year four lecturers visited and discussed a broadand exciting range of topics. These speakers helpedmake this year an exciting and inspirational one for computer science at Columbia. Stay tuned next yearwhen more of the world’s greatest researchers will visit our department and tell us about their work.

Professor Yoky Matsuoka

of the University ofWashington visited onOctober 26 and spokeabout Understanding

Humans with

Neurobotics.

Professor Matsuoka is theTorode Family Endowed CareerDevelopment Professor in Computer Science andEngineering at the University of Washington. She receivedher Ph.D. at MIT in ElectricalEngineering and ComputerScience in the fields of ArtificialIntelligence and ComputationalNeuroscience. Her work has been recognized with aMacArthur Fellowship, and shehas been acclaimed as one of“The Brilliant Ten” in PopularScience Magazine and one of the“Power 25” in SeattleMagazine. She has received aPresidential Early Career Awardfor Scientists and Engineers(PECASE), an Anna LoomisMcCandless Chair fromCarnegie Mellon University,and the IEEE Robotics andAutomation Society EarlyAcademic Career Award.

Neurobotics is a field that lies atthe intersection of Robotics andNeuroscience. In Neurobotics,robotic models and environ-ments are used to understandthe neuromuscular control andbiomechanics of human limbs.In parallel, robotic systems aredeveloped to augment, replaceand rehabilitate damaged sensorimotor functions.Professor Matsuoka presentedan overview of this work, witha detailed example of how tounderstand and restore humanlevel dexterity.

Professor Andrew

Odlyzko of the Universityof Minnesota visited onOctober 5 and spokeabout Network Evolution,

Network Economics,

and Network Innovation.

Professor Odlyzko has writtenover 150 technical papers incomputational complexity,cryptography, number theory,combinatorics, coding theory,analysis, probability theory,and related fields. In recentyears he has also been work-ing in electronic commerce,economics of data networks,and economic history, espe-cially on diffusion of techno-logical innovation. ProfessorOdlyzko had a long career in research and research management at Bell Labs and AT&T Labs, and then builtan interdisciplinary researchcenter in Minnesota.

Technology is opening upexciting new opportunities innetworking, especially throughthe convergence of wireline andwireless communications. Buttechnology is just one element,and, as in the past, and perhapsmore than in the past, econom-ics and regulation will havemajor influences on what isdeployed, and how it is used.In his talk Professor Odlyzkosurveyed the past and present,and offered some speculationsabout the future. He presentedsome of the key constraints ontechnological dreams, includingthe many false dogmas thatare hobbling progress.

Professor Barbara Liskov

of the MassachusettsInstitute of Technologyvisited on December 7and spoke about The

Power of Abstraction.

Professor Liskov is an InstituteProfessor at MIT and alsoAssociate Provost for FacultyEquity. She is a member of the National Academy ofEngineering, a fellow of theAmerican Academy of Arts and Sciences, and a fellow of the ACM. She received theACM Turing Award in 2009, theACM SIGPLAN ProgrammingLanguage Achievement Award in 2008, the IEEE Von Neumannmedal in 2004, a lifetimeachievement award from theSociety of Women Engineers in1996, and in 2003 was namedone of the 50 most importantwomen in science by DiscoverMagazine. Her research interestsinclude distributed systems,replication algorithms to providefault-tolerance, programmingmethodology, and programminglanguages. Her current researchprojects include Byzantine-

Professor John Lafferty

of Carnegie MellonUniversity visited onMarch 1 and spokeabout Three Rivers in

Machine Learning: Data,

Computation and Risk.

Professor Lafferty is a profes-sor in the Computer ScienceDepartment at CarnegieMellon University, with jointappointments in the MachineLearning Department and theDepartment of Statistics. Hisresearch interests includemachine learning, statisticallearning theory, natural lan-guage processing, informationtheory, and informationretrieval. Prof. Lafferty receivedthe Ph.D. in Mathematics fromPrinceton University, where he was also a member of the Program in Applied andComputational Mathematics.He is an IEEE Fellow, hasserved as co-director of CMU’snew Machine Learning Ph.D.Program, and currently servesas associate editor of theJournal of Machine LearningResearch and the ElectronicJournal of Statistics.

Machine learning is a confluenceof computer science and statistics that is empoweringtechnologies such as searchengines, robotics, and person-alized medicine. Fundamentally,

the goal of machine learning isto develop computer programsthat predict well, according to some measure of risk oraccuracy. The predictionsshould get better as more historical data become available.The field is developing inter-esting and useful frameworksfor building such programs,which often demand largecomputational resources.Theoretical analyses are alsobeing advanced to help under-stand the tradeoffs betweencomputation, data, and risk thatare inherent in statistical learn-ing. Two types of results havebeen studied: the consistencyand scaling behavior of specificconvex optimization procedures,which have polynomial compu-tational efficiency, and lowerbounds on any statistically efficient procedure, withoutregard to computational cost.Professor Lafferty’s talk gave a survey of some of thesedevelopments, with a focus onstructured learning problemsfor graphs and shared learningtasks in high dimensions.

fault-tolerant storage systems,peer-to-peer computing, and support for automatic deploy-ment of software upgrades inlarge-scale distributed systems.

Abstraction is at the center of much work in ComputerScience. It encompassesfinding the right interface fora system as well as findingan effective design for a system implementation.Furthermore, abstraction is the basis for program construction, allowing programs to be built in amodular fashion. In her talk,Professor Liskov discussedhow the abstraction mecha-nisms we use today came tobe, how they are supportedin programming languages,and some possible areas forfuture research.

Further details of the lecture series are available online at:http://www.cs.columbia.edu/lectures

8 CS@CU SPRING 2010 CS@CU SPRING 2010 9

Other News

Professor Steven Bellovin

taught a new course, COMS 3995, Computers

and Society, in the Spring2010 semester.

Computers are heavily entwinedin almost everything we do.Their use is not an unmixedblessing. For example, we canget our news from many free,online sources—but their existence is threatening theexistence of the newspapersthat employ the reporters whogather the news. Social mediaare a great way to interact—but they can threaten personalprivacy. This course exploressuch issues and more. Specifictopics covered include privacy,risks of computer systems,ethical issues for practitioners,employment, freedom ofspeech, social networks, andintellectual property. The courseis structured as a combinationof lecture and seminar; discussion and opinions arestrongly encouraged.

Adjunct Professor Sameer

Maskey taught a new course,COMS 6998-007, Statistical

Methods for Natural

Language Processing, in the Spring 2010 semester.Prof. Maskey is a ResearchStaff Member at the IBM T.J.Watson Research Center.

The course explores topics inStatistical Methods/MachineLearning for real-world NaturalLanguage Processing (NLP)problems. Students study MLtopics that are commonly usedin NLP such as MaximumEntropy Models, Hidden MarkovModels, Clustering techniques,Conditional Random Fields,Expectation-Maximizationalgorithm, Active Learning andSupport Vector Machines. Thecourse explains how thesemethods are applied to realworld NLP problems such asinformation extraction, stochasticparsing, text segmentation andclassification, topic/documentclustering and word sense disambiguation. Students alsostudy the details of inferencealgorithms such as Viterbi,Synchronous Chart Parsing andBeam Search. Students gethands-on experience by imple-menting some of these MLtechniques for classification,clustering and a complex NLPtask of machine translation.

New Computer Science Courses

Adjunct Professor Sameer Maskey

Professor Vishal Misra

Adjunct Professor Erich Nahum

Professor Vishal Misra taughta new course, COMS 6998-002, Internet Economics, inthe Spring 2010 semester.

This course introduces moderntopics in Internet Economics. The course first addresses thetheoretical foundations from a game theoretic perspective,covering topics from coopera-tive and non-cooperative game theory. Topics includeInformation, Auctions, Bargainingand Coalitions and MechanismDesign. The course then moveson to application areas such asISP settlements, ComputationalAdvertising, P2P incentive mechanisms and SpectrumAuctions. Both real life case studies as well as researchpapers are covered in class.

Adjunct Professor Erich Nahum

taught a new course, COMS6998-005, Network Systems

Design and Implementation,in the Spring 2010 semester.Prof. Nahum is a ResearchStaff Member at the IBM T.J.Watson Research Center.

This class takes a deep look at how network protocols aredesigned and implementedusing the Linux kernel as a casestudy. The goal is to understandhow this important subsystemworks in detail in order to conduct experimental researchusing the Linux kernel. Theclass includes detailed codewalkthroughs of a recent Linuxkernel (most likely 2.6.31), aclass project, and relevantresearch paper readings andpresentations. Topics include:

• Specific network protocolimplementations such assockets, TCP, IP, Ethernet,ARP, network device drivers,routing and bridging;

• Support mechanisms suchas buffer management, packet queuing, timers, hash tables, interrupts, and synchronization;

• Network-related securitymechanisms such as packetcapture, filtering, firewalling,iptables, and netfilter;

• Other kernel support facilitiessuch as profiling, tracing,and debugging.

Grading is based on class participation, an in-class presentation and a projectinvolving modifying the Linux kernel.

Adjunct Professor Pablo

Rodriguez taught a newcourse, COMS 6998-003, Next Generation Network

Architectures, in the Spring2010 semester. Prof. Rodriguezis the Internet ScientificDirector at Telefonica Barcelona,where he leads the systemsand networking research team.

Students in this course learnthe network architecturesbehind some of the most successful Internet services(e.g. Facebook, Twitter, Spotify);learn about the latest modernInternet architectures (greenernetworks, networking technolo-gies for emerging regions, DataCenter networking, clean slatedesigns); become equipped forresearching modern networksand distributed systems; andgain exposure to practical, realworld network architectures.Each topic provides backgroundon existing mechanisms andincludes discussions of currentpublications and ongoingresearch. Students are gradedbased on paper reviews, contri-butions to in-class discussions,and a final project. The finalproject is an opportunity forhands-on research. It involvesliterature survey, programming,running experiments or modeling, analyzing resultsand writing a report.

Professor Yechiam Yemini

taught a new course, COMS4995-001, Principles of

Innovation and

Entrepreneurship, in theSpring 2010 semester.

Dell, Yahoo, Google andFacebook were founded bycollege students. Could you bebuilding the next star technologystartup? While the future willtell, this course provides thebasic knowledge and skills tohelp you answer this question.Among other topics, thecourse studies how changes intechnology paradigms give riseto novel opportunities; how toidentify, analyze and exploitthese opportunities; how todesign innovative products and business models to createsustainable competitive edge;how to transform loosehypotheses—on technologies,opportunities, customers, markets, etc—to effectivestrategic business plans; andhow to translate these plansinto focused execution whileavoiding common ‘bugs’. Classesinclude discussions of the basicprinciples of innovation; briefworkshops in applying them;presentations by founders/CEOs of high-tech startups; andassignments and team projectsto create early stage startups.Teams of 3-4 students will pur-sue an incremental sequence of assignments, emulating earlydevelopment of a startup. Theseassignments will culminate in a business plan and proof-of-concept prototypes. The courseis intended for graduate andadvanced undergraduate CSstudents, but is suitable forother engineering, science andbusiness school students.

Professor Steven Bellovin

Adjunct Professor Pablo Rodriguez

Professor Yechiam Yemini

10 CS@CU SPRING 2010 CS@CU SPRING 2010 11

Professor Luis Gravano won a Google Research Award forhis project titled “Finding andCharacterizing the World’sEvent Media.” Social mediasites make it easy for users topublish content that is capturedor produced in association withreal-world events. These eventsrange from widely known ones,such as a presidential inaugura-tion, to smaller, community-specific events, such as anannual convention or a localgathering. Unfortunately, theexisting tools to find, organize,and search the social mediacontent associated with eventsare extremely limited. This project aims to transform theway in which people search and consume social media content from real-world events,a key information-seeking task,by addressing two importantproblems: identification ofevents and their associatedsocial media content, andevent search.

Professor Tony Jebara won aGoogle Research Award for hisproject titled “NetTrailMix”. Thegoal of this project is to set upa collaborative filtering problemmuch like the Netflix challengewhere recommendations areprovided to users based on largeamounts of unsupervised humansocial activity (as opposed tomore standard rating data).

Professor Tal Malkin won aGoogle Research Award for herproject titled “Efficient Routingby Oblivious Nodes”. Theresearch will enhance routingprotocols such that they cancompute high-performanceroutes in a computationallyefficient manner withoutrevealing information thatmight reveal the location ofparticipating nodes. This allowsusers to send and receivehigh-bandwidth, low-latencytransmissions such as videoand audio feeds withoutrevealing their location.Potential applications includecelebrity multimedia twitter-likefeeds, and network-supportedaction gaming.

Professor Vishal Misra won a Google Research Award forhis project titled “IncentivizingManaged Peer to Peer Systems:A Fluid Shapley Value Approach.”With the spread of technologytoday, users everywhere havesome resources that can aidproviders in increasing revenueor reducing costs. Examplesrange from users contributingpopular viral videos on YouTubeto cellphone customers installingfemtocells at their residencesto reduce network load. Thisproject aims to study the rightincentive mechanisms for bothproviders as well as customersto participate in the systembased on some recent analyticaltechniques developed by Prof.Misra and his collaborators.

Featured Awards

Professors Luis Gravano, Tony Jebara, Tal Malkin,and Vishal Misra have recently received Googleresearch awards for projects on web search forevent media, on collaborative filtering, on securerouting protocols using oblivious nodes, and onincentivizing managed peer-to-peer systems.

CUCS Faculty Receive Google Research Awards

Professor Luis Gravano

Professor Tony Jebara

Professor Vishal Misra

Professor Tal Malkin

Recent & Upcoming PhD DefensesSpryridonAntonakopoulos Buy-at-bulk-relatedProblems inNetwork Design

Advisor: Professor Mihalis Yannakakis Abstract: We study a number of graph-theoretic optimizationproblems arising in networkdesign. In general, the objective isto determine a network with min-imum total cost that can supportgiven traffic demands, possiblysubject to additional constraints.Due to economies of scale, thecost of network components istypically sub-additive as a functionof the capacity they provide, sothese problems have a so-calledbuy-at-bulk character. Networkdimensioning, which representsa high-level phase within the longprocess of telecommunicationsnetwork planning, is a primarymotivation for this work. Weremark that although buy-at-bulknetwork design has received alot of attention from researchersin theoretical computer sciencefor more than a decade, theseefforts were concentrated oninvestigating a rather simple ver-sion of the problem with minimalconstraints, under a broad rangeof cost models that fall within the buy-at-bulk framework. Bycontrast, herein we initiate thestudy of several more involvedproblem variants, inspired by real-life situations. First, we investigatedirected buy-at-bulk networkdesign, which includes caseswhere network links allow onlyone-way traffic, or more generallywhere the cost of installingcapacity on a link is asymmetricwith respect to the direction of the traffic. Furthermore, inbuy-at-bulk network design withprotection, we are required toensure robustness against thefailure of any single component,by allocating capacity for eachtraffic demand along two disjointroutes in the network. Finally, we also consider the trafficgrooming problem, which ariseswhen demands requesting smallamounts of bandwidth must beaccommodated in an optical

network offering high-capacitytransmission channels. Our maincontributions are approximationalgorithms with non-trivial worst-case guarantees for each of theabove problems; moreover, fromthe experimental perspective, wepresent efficient heuristics thatperform very well on realisticproblem instances.

Matei Ciocarlie Low-DimensionalRoboticGrasping:EigengraspSubspaces

and Optimized Underactuation

Advisor: Professor Peter Allen Abstract: This thesis introducesnew methods for enabling theeffective use of highly dexterousrobotic hands, interfacing with theupcoming generation of neurallycontrolled hand prostheses, anddesigning a new class of simpleyet effective grasping devicesbased on underactuation andmechanical adaptation. Thesemethods share a common goal:reducing the complexity that hastraditionally been associated, atboth computational and mechani-cal levels, with robotic graspingin unstructured environments. A key prerequisite for robot operation in human settings isversatility, which, in terms ofautonomous grasping, translatesinto the ability to reliably acquireand interact with a wide range ofobjects. In an attempt to matchthe abilities of the most versatileend-effector known, the humanhand, many anthropomorphicrobotic models have been proposed, with the number ofdegrees of freedom starting toapproach that of their humancounterpart. However, thesemodels have proven difficult to use in practice, as the highdimensionality of the posturespace means that finding ade-quate grasps for a target objectis often an intractable problem. In this thesis, we propose usinglow-dimensional posture sub-

spaces for dexterous or anthro-pomorphic hands. Human userstudies have shown that most ofthe variance in hand posture fora wide range of grasping tasks is contained in relatively fewdimensions. We extend theseresults to a range of roboticdesigns, and introduce the concept of eigengrasps as thebases of a low-dimensional, linearhand posture subspace. We then show that a grasp synthesisalgorithm that optimizes handposture in eigengrasp space isboth computationally efficientand likely to yield stable grasps. The emerging field of neurallycontrolled hand prosthetics facesa similar challenge when usingdexterous hand models: bridgingthe gap between incomplete ornoisy neural recordings and thecomplete set of variables neededto execute a grasping task. Wepropose using an automatedgrasp planning component as aninterface, accepting real-timeoperator input and using it toassist in the synthesis of stablegrasps. Computational ratesneeded for direct interaction canbe achieved by combining opera-tion in eigengrasp space with on-line operator input. Furthermore,the eigengrasp planning spacecan also act as an interactionspace, allowing the operator toprovide meaningful input for thehand posture using few channelsof communication. Algorithmic approaches to low-dimensional grasping can enablecomputationally effective algo-rithms and interaction models.Hardware implementations have the potential to reducethe mechanical complexity andconstruction costs of a handdesign, using concepts such as underactuation and passivemechanical adaptation. Insteadof complex run-time algorithms,hand models in this class usedesign-time analysis to improveperformance over a spectrum of tasks. Along these directions,we present a set of analysis andoptimization tools for the design oflow-dimensional, underactuatedhands. We focus on tendon-basedmechanisms featuring adaptive

12 CS@CU SPRING 2010 CS@CU SPRING 2010 13

Recent & Upcoming PhD Defenses (continued)correct, we can at least tellwhether an output is incorrect. This thesis investigates threehypotheses. First, I claim that an automated approach to meta-morphic testing will advance the state of the art in detectingdefects in programs without test oracles, particularly in thedomains of machine learning,simulation, and optimization. Todemonstrate this, I describe a toolfor test automation, and presentthe results of new empirical stud-ies comparing the effectivenessof metamorphic testing to that of other techniques for testingapplications that do not have anoracle. Second, I suggest thatconducting function-level meta-morphic testing in the context ofa running application will revealdefects not found by metamor-phic testing using system-levelproperties alone, and introduceand evaluate a new testing technique called MetamorphicRuntime Checking. Third, Ihypothesize that it is feasible tocontinue this type of testing inthe deployment environment (i.e.,after the software is released),with minimal impact on the user,and describe a generalizedapproach called In Vivo Testing. Additionally, this thesis presentsguidelines for identifying meta-morphic properties, explains howmetamorphic testing fits into thesoftware development process,and discusses suggestions forboth practitioners and researcherswho need to test software withoutthe help of a test oracle.

AndrewRosenberg AutomaticDetection andClassification ofProsodic Events

Advisor: Professor Julia Hirschberg Abstract: Prosody, or intonation, isa critically important componentof spoken communication. Theautomatic extraction of prosodicinformation is necessary formachines to process speech withhuman levels of proficiency. In

this thesis we describe work onthe automatic detection and clas-sification of prosodic events—specifically, pitch accents andprosodic phrase boundaries. Wepresent novel techniques, featurerepresentations and state of theart performance in each of thesetasks. We also present threeproof-of-concept applications—speech summarization, story segmentation and non-nativespeech assessment—showingthat access to hypothesizedprosodic event information can beused to improve the performanceof downstream spoken languageprocessing tasks. We believe the contributions of this thesisadvance the understanding ofprosodic events and the use of prosody in spoken languageprocessing towards the goal ofhuman-like processing of speechby machines.

AlexanderSherman GuaranteeingPerformancethrough Fairness inPeer-to-PeerFile-Sharing

and Streaming Systems

Advisor: Professor Jason Nieh Abstract: Over the past decadePeer-to-Peer (P2P) file-sharingand streaming systems haveevolved as a cheap and widely-used technology in distributingcontent to users. Guaranteeing a level of performance in P2Psystems is, therefore, of utmostimportance. However, P2P file-sharing and streaming applica-tions suffer from a fundamentalproblem of unfairness, wheremany users have a tendency tofree-ride by contributing little orno upload bandwidth while con-suming much download band-width. By taking away an unfairshare of resources, free-ridersdeteriorate the quality of serviceexperience by other users, bycausing slower download timesand higher packet loss inside the file-sharing and streamingnetworks respectively. Previousattempts at addressing fair band-

width allocation in P2P, such asBitTorrent-like systems, sufferfrom slow peer discovery, inac-curate predictions of neighboringpeers’ bandwidth allocations,under-utilization of bandwidth,and complex parameter tuning.We present FairTorrent, a newdeficit-based distributed algorithmthat accurately rewards peers inaccordance with their contributionin a file-sharing P2P system. In a nutshell, a FairTorrent peeruploads the next data block to apeer to whom it owes the mostdata. FairTorrent is resilient toexploitation by free-riders andstrategic peers, is simple to imple-ment, requires no bandwidthover-allocation, no prediction of peers’ rates, no centralizedcontrol, and no parameter tuning.We implemented FairTorrent in aBitTorrent client without modifi-cations to the BitTorrent protocol,and evaluated its performanceagainst other widely-used Bit-Torrent clients using various scenarios including live BitTorrentswarms. Our results show thatFairTorrent provides up to twoorders of magnitude better fairness, up to five times betterdownload performance for contributing peers, and 60-100%better performance on averagein live BitTorrent swarms. Weshow analytically that for a number of upload capacity distributions, in a n-node Fair-Torrent network no peer is everowed more than 0(log(n)) datablocks with high probability. Achieving fair bandwidth alloca-tion in a P2P streaming scenario is even more difficult, as it comeswith an additional constraint: eachstream update must be receivedbefore its playback deadline. Weintroduce FairStream, a streamingP2P client, that leverages theFairTorrent algorithm for its peerreply policy, and implements addi-tional optimizations for requestingstream updates. We evaluateFairStream on the PlanetLab andcompare it against heuristics usedby the popular P2P streaming sys-tems, PPLive and GridMedia, aswell as BitTorrent’s tit-for-tat. Weshow that for peers that contributeupload bandwidth just above

the stream rate, FairStream canreduce packet loss to just 0.04%down from 33-71% experiencedby such peers in other systems. In addition, FairStream implementsa new algorithm that allows astreaming server to distributestream updates effectively to theusers despite the presence of alarge number of free-riders whomay not forward these updates.We show that despite as many as 70% of free-riding peers, usingits update distribution heuristics,FairStream is able to reduce thepacket loss to just 1% for con-tributing peers as compared to upto 70% packet loss experienced inthis scenario by the contributingpeers in other systems.

JuliaStoyanovich Search andRanking inSemanticallyRichApplications

Advisor: Professor Kenneth Ross Abstract: This thesis proposesnovel search and rankingapproaches for semantically rich application domains. The central role of DataManagement in today’s societymay be compared to the role ofPhysics in early 20th Centurywhen it entered its Golden Age.Data is the raw matter of theUniverse of Information, and, in a process analogous to nuclearfusion, data is transformed progressively into information,and then into knowledge. The advent of the World WideWeb as an information exchangeplatform and a social medium,both on an unprecedented scale,raises the user’s expectationswith respect to the availabilityand ease of access to relevantinformation. Web users build persistent on-line personas: theyprovide information about them-selves in stored profiles, registertheir relationships with otherusers, and express their prefer-ences with respect to informa-tion and products. As a result,rich semantic information about

joints and compliant fingertips,and show how a number of designparameters, such as tendonroutes or joint stiffnesses, can beoptimized to enable a wide rangeof stable grasps. The ability to effect change onthe environment through objectacquisition (grasping) and manipulation has the potential toenable many robotic applicationswith high social impact, includingeffective neural prostheses,robots for house care or personalassistance, etc. We believe thatthe methods presented in thisthesis represent a number ofsteps in this direction, advancingtowards a proven solution forreliable autonomous grasping in human environments.

Jinwei Gu Measurement,Modeling, andSynthesis ofTime-VaryingAppearance of NaturalPhenomena

Advisors: Professors Shree Nayar,Peter Belhumeur, Ravi Ramamoorthi Abstract: Many natural phenom-ena evolve over time—often coupled with a change in theirreflectance and geometry—and give rise to dramatic effectsin their visual appearance. Incomputer graphics, such time-varying appearance phenomenaare critical for synthesizing photo-realistic images. In computervision, understanding the forma-tion of time-varying appearance isimportant for image enhancementand photometric-based recon-struction. This thesis studiestime-varying appearance for avariety of natural phenomena—opaque surfaces, transparentsurfaces, and participatingmedia—using captured data. We have two main goals: (1) todesign efficient measurementmethods for acquiring time-varying appearance from the real world, and (2) to build compact models for synthesizingor reversing the appearanceeffects in a controllable way.

We started with time-varyingappearance for opaque surfaces.Using a computer-controlleddome equipped with 16 camerasand 160 light sources, weacquired the first database (with28 samples) of time-and-space-varying reflectance, including avariety of natural processes—burning, drying, decay and corro-sion. We also proposed a spacetime appearance factorizationmodel which disassembles thehigh-dimensional appearancephenomena into components thatcan be independently modifiedand controlled for rendering. We then focused on time-varyingappearance of transparent objects. Real-world transparent objectsare seldom clean—over time theirsurfaces will gradually be coveredby a variety of contaminants,which produce the weatheredappearance that is essentialfor photorealism. We derived a physically-based analyticreflectance model for recreatingthe weathered appearance inreal time, and developed single-image based methods to measurecontaminant texture patternsfrom real samples. The understanding of the weath-ered appearance of transparentsurfaces was also used forremoving image artifacts causedby dirty camera lenses. By incorporating priors on naturalimages, we developed two fully-automatic methods to remove the attenuation and scatteringartifacts caused by dirty cameralenses. These image enhance-ment methods can be used forpost-processing existing photo-graphs and videos as well as for recovering clean images forautomatic imaging systems suchas outdoor security cameras. Finally, we studied time-varyingappearance of volumetric phe-nomena, such as smoke and liquid.For generating realistic animationsof such phenomena, it is criticalto obtain the time-varying volumedensities, which requires eitherintensive modeling or extremelyhigh speed cameras and projec-tors. By using structured light andexploring the sparsity of such

natural phenomena, we developedan acquisition system to recoverthe time-varying volume densities,which is about 4 to 6 times moreefficient than simple scanning.From the perspective of computervision, our method provides a wayto extend the applicable domain ofstructured light methods from 2Dopaque surfaces to 3D volumes.

David Harmon Robust, Efficient,and AccurateContact Models

Advisor:Professor Eitan Grinspun

Abstract: Robust, efficient, andaccurate collision responseremains a difficult and challengingproblem in simulation. Manymethods exist that partiallyachieve these properties, butnone yet fully attain all three.This thesis investigates existingmethodologies with respect tothese attributes, and proposes anovel algorithm for the simulationof deformable materials thatdemonstrate them all. This newmethod is analyzed and optimized,paving the way for future work inthis greatly simplified but powerfulmanner of simulation.

ChristianMurphy MetamorphicTestingTechniques to DetectDefects inApplications

without Test Oracles

Advisor: Professor Gail Kaiser Abstract: Applications in the fieldsof scientific computing, simulation,optimization, machine learning,etc. are sometimes said to be“non-testable programs” becausethere is no reliable test oracle toindicate what the correct outputshould be for arbitrary input. Insome cases, it may be impossibleto know the program’s correct output a priori; in other cases, thecreation of an oracle may simplybe too hard. These applications

typically fall into a category of soft-ware that Weyuker describes as“Programs which were written inorder to determine the answer inthe first place. There would be noneed to write such programs, ifthe correct answer were known.”The absence of a test oracleclearly presents a challenge whenit comes to detecting subtleerrors, faults, defects or anom-alies in software in these domains. As these types of programsbecome more and more prevalentin various aspects of everydaylife, the dependability of softwarein these domains takes onincreasing importance. Machinelearning and scientific computingsoftware may be used for criticaltasks such as helping doctorsperform a medical diagnosis orenabling weather forecasters tomore accurately predict the pathsof hurricanes; hospitals may usesimulation software to understandthe impact of resource allocationon the time patients spend in the emergency room. Clearly, asoftware defect in any of thesedomains can cause great incon-venience or even physical harm ifnot detected in a timely manner. Without a test oracle, it is impos-sible to know in general what theexpected output should be for agiven input, but it may be possibleto predict how changes to theinput should effect changes inthe output, and thus identifyexpected relations among a setof inputs and among the set oftheir respective outputs. Thisapproach, introduced by Chen et al., is known as “metamorphictesting”. In metamorphic testing,if test case input x produces an output f(x), the function’s so-called “metamorphic properties”can then be used to guide thecreation of a transformation func-tion t, which can then be appliedto the input to produce t(x); thistransformation then allows us topredict the expected output f(t(x)),based on the (already known)value of f(x). If the new output isas expected, it is not necessarilyright, but any violation of theproperty indicates a defect. Thatis, though it may not be possibleto know whether an output is

14 CS@CU SPRING 2010

Recent & Upcoming PhD Defenses (continued)the user is readily available, orcan be derived, and can be usedto improve the user’s onlineexperience, making him moreproductive, more creative, andbetter entertained online. Thereis thus a need for context-awaredata management mechanismsthat support a user-centric dataexploration experience, and doso efficiently on the large scale. In a complementary trend, scien-tific domains, most notably thedomain of life sciences, are expe-riencing unprecedented growth.The ever-increasing amount ofdata and knowledge requires thedevelopment of new semanticallyrich data management techniquesthat facilitate system-wide analy-sis and scientific collaboration.Literature search is a central taskin scientific research. Controlledvocabularies and ontologies that exist in this domain presentan opportunity for improving thequality of ranking. The Web is a multifaceted mediumthat gives users access to a widevariety of datasets, and satisfiesdiverse information needs. SomeWeb users look for answers tospecific questions, while othersbrowse content and explore therichness of possibilities. Thenotion of relevance is intrinsicallylinked with preference andchoice. Individual items and itemcollections are characterized inpart by the semantic relationshipsthat hold among values of theirattributes. Exposing these seman-tic relationships helps the usergain a better understanding ofthe dataset, allowing him to makeinformed choices. This process is commonly known as dataexploration, and has applicationsthat range from analyzing the performance of the stock market,to identifying genetic disease susceptibility, to looking for a date. In this thesis we propose novelsearch and ranking techniquesthat improve the user experienceand facilitate information discov-ery in several semantically richapplication domains. We showhow the social context in socialtagging sites can be used for user-centric information discovery. We also propose novel ontology-

aware search and ranking tech-niques, and apply them to scien-tific literature search. Finally, weaddress data exploration in rankedstructured datasets, and proposea rank-aware clustering algorithmthat uses semantic relationshipsamong item attributes to facilitateinformation discovery.

Andrew Wan Learning,Cryptographyand the Average Case

Advisors:Professors

Tal Malkin and Rocco Servedio Abstract: This thesis explores froman average-case perspectiveproblems in computational learn-ing theory and their connection tocryptography. We study the waysthat learning problems changewhen relaxed to the average-case,and perhaps more importantly,how understanding this changeenriches and deepens the con-nections between cryptographyand learning. Through this under-standing a variety of new resultsfor both learning theory andcryptography are obtained: 1. We give an efficient algortihmwhich learns monotone DNF onthe average. The problem of learning DNF andeven monotone DNF under theuniform distribution (here the distribution refers to the space of examples) is a notoriously difficult one in computationallearning theory. We give the firstalgorithm that learns monotoneDNF of arbitrary polynomial sizein a reasonable average-casemodel of learning from randomexamples only. Our approachrelies on the discovery and appli-cation of new Fourier propertiesof monotone functions whichmay be of independent interest. 2. Mansour’s conjecture is truefor random DNF. In 1994, Y. Mansour conjecturedthat for every DNF formula f on n variables with t terms there exists a polynomial p with t^{0(log(1/epsilon))} non-zero coefficients

such that the expected squareerror of p on f is at most epsilon.We make the first progress on thisconjecture and show that it is truefor several natural subclasses ofDNF formulas including randomlychosen DNF formulas and read-kDNF formulas for constant k. Ourresult yields the first polynomial-time query algorithm for agnosti-cally learning these subclassesof DNF formulas with respect to the uniform distribution on the Boolean hypercube (for any constant error parameter).Applying recent work on sand-wiching polynomials, our resultsimply that a t^{-0(\log 1/\eps)}-biased distribution fools theabove subclasses of DNF formu-las. This gives pseudorandomgenerators for these subclasseswith shorter seed length than all previous work. 3. We show that monotone polynomial-sized circuits arehard to learn assuming one-wayfunctions exist. A wide range of positive and negative resultshave been established for learn-ing different classes of Booleanfunctions from uniformly distrib-uted random examples. However,polynomial-time algorithms havethus far been obtained almostexclusively for various classes ofmonotone functions, while thecomputational hardness resultsobtained to date have all been forvarious classes of general (non-monotone) functions. Motivatedby this disparity between knownpositive results (for monotonefunctions) and negative results(for nonmonotone functions), weestablish strong computationallimitations on the efficient learn-ability of various classes of mon-otone functions. Our main tool isa complexity-theoretic approachto hardness amplification vianoise sensitivity of monotonefunctions that was pioneered by O’Donnell (JCSS ’04). 4. Learning an overcompletebasis: analysis of lattice-basedsignatures with perturbations. We propose a general techniquefor recovering parts of the secretkey in lattice-based signatureschemes that follow the Goldreich-Goldwasser-Halevi (GGH) and

NTRUSign style of design withperturbations. Previously, Nguyenand Regev (Eurocrypt 2006) crypt-analyzed GGH-style signatureschemes (including NTRUSign)without perturbations; their attackwas by reduction to a learningtask they called the hidden paral-lelepiped problem (HPP). Themain problem left open in theirwork was to handle schemes thatuse perturbation techniques. Weobserve that in such schemes,recovery of the secret key maybe modeled as the problem oflearning an overcomplete basis, ageneralization of the HPP in whichthe number of secret vectorsexceeds the dimension. We pro-pose an algorithm which solvesrandom instances of this problem.

CS@CU SPRING 2010 15

Two teams sent byColumbia University’sDepartment of ComputerScience have rankedamong the top of competitors in theGreater New York Regionof the 2009-2010 ACMInternational CollegiateProgramming Contest.The teams ranked 2ndand 6th out of 51 teams.

Team Columbia 1(ranked 2nd):

Jingyue Wu

(PhD, Computer Science)

Varun Jalan

(MS, Computer Science)

Zifeng Yuan

(PhD, Civil Engineering)

Team Columbia 2(ranked 6th):

Chen Chen

(PhD, IEOR)

Huzaifa Neralwala

(MS, Computer Science)

Jiayang Jiang

(Junior, Mathematics)

Due to their performance, teamColumbia 1 was also selectedto be one of 100 teams (chosenfrom over 7,000 around theworld) to advance to the worldfinals competition, held inHarbin, China from February 1-6.The teams were led by coachJohn Zhang (PhD student,Computer Science).

ProfessorSteven Bellovin

is one of fournew technicaland scientificexperts whowere recentlyappointed to

the United States ElectionAssistance Commission’sTechnical GuidelinesDevelopment Committee. Thecommittee is charged under the Help America Vote Act with

assisting the Electoral AssistanceCommission in developing federal voluntary voting systemguidelines that are used to testand certify voting systems.

Professor Bellovin was also recently named to theComputer Science andTelecommunications Board of the National Academies.According to the NationalAcademies website,“TheComputer Science andTelecommunications Board(CSTB) was established in1986 to provide independentadvice to the federal govern-ment on technical and publicpolicy issues relating to computing and communications.It is composed of leaders inthe information technology andcomplementary fields fromindustry and academia...CSTBis an operating unit within theNational Research Council(NRC). The NRC is the principalworking arm of the NationalAcademy of Sciences, NationalAcademy of Engineering, andthe Institute of Medicine—three honorific entities towhich distinguished experts in their fields are elected bytheir peers.”

PhD studentIlias

Diakonikolas

won HonorableMention in the2009 NicholsonCompetition ofthe INFORMS

society. The George NicholsonStudent Paper Competition isheld each year to honor out-standing papers in the field ofoperations research and themanagement sciences writtenby a student. Ilias Diakonikolasreceived an Honorable MentionAward in the 2009 NicholsonCompetition for his paper“Small Approximate ParetoSets for Biobjective ShortestPaths and Other Problems”,coauthored with ProfessorMihalis Yannakakis. The paperis published in the SIAMJournal on Computing.

Ashutosh

Dutta, a PhD studentworking withProfessorHenning

Schulzrinne,received a 3rd

best paper award at the IEEEInternational Conference onInternet Multimedia SystemsArchitecture and Application in Bangalore, India. The paperwas titled “Self Organizing IPMultimedia Subsystem”andco-authored by Ashutosh Dutta(Telcordia Technologies, US),Christian Makaya (EcolePolytechnique de Montreal,CA), Subir Das (TelcordiaTechnologies, US), Dana AChee (Telcordia Technologies,US), Fuchun J Lin (TelcordiaTechnologies, US), SatoshiKomorita (KDDI R&DLaboratories Inc., JP),Tsunehiko Chiba (KDDI R&DLaboratories, Inc., JP),Hidetoshi Yokota (KDDI Labs,JP) and Henning Schulzrinne(Columbia University, US).

PhD studentCharles Hanwon a MicrosoftResearchFellowship—one of only tenworldwide—

for his“great accomplishmentsand [Microsoft’s] confidence in [Charles] as a future leader.”Charles attended an award ceremony in March atMicrosoft Research inRedmond, Washington, collocated with MicrosoftResearch’s TechFest 2010.

PhD studentSteve

Henderson

received theBest PaperAward at IEEEISMAR 2009,held in Orlando,

FL. IEEE ISMAR (InternationalSymposium on Mixed andAugmented Reality) is the premier conference in its field.The paper, “Evaluating the

Department News & Awards

16 CS@CU SPRING 2010 CS@CU SPRING 2010 17

Benefits of Augmented Realityfor Task Localization inMaintenance of an ArmoredPersonnel Carrier Turret,” wascoauthored by Steve Hendersonand Professor Steve Feiner.

Professor Tony Jebara

delivered akeynote speechat the 21stInternationalConference on Tools with

Artificial Intelligence (ICTAI)which was held in Newark, NJ.

Professor John Kender

delivered the keynoteaddress to thisyear’s FamilyWeekend, onOctober 16,

2009, to the assembled firstyear CC and SEAS studentsand their visiting parents. Hewas the first SEAS professor to be invited to do so. Theaddress is available online at:http://www.student affairs.columbia.edu/parents/commu-nications.php

ProfessorsAngelos

Keromytis, Sal Stolfo, andJunfeng Yang

will lead a consortium that includesStanfordUniversity,George MasonUniversity, andSymantec Corp.to developnovel softwareprotectionmechanisms ina 4-year, IARPA-funded effort.The project willdevelop a novelarchitecturethat integratesstatic analysis,dynamicconfinement,and code diversification

techniques to enable the identi-fication, mitigation and contain-ment of a large class of soft-ware vulnerabilities. The systemwill permit the immediatedeployment of new softwareand the protection of alreadydeployed (legacy) software bytransparently inserting extensivesecurity instrumentation, whileleveraging concurrent programanalysis and runtime profilingdata to gradually reduce theperformance cost of the instru-mentation by allowing its selec-tive removal or refinement.

Henry andGertrudeRothschildProfessor ofComputerScienceKathleen

McKeown

was selected as one of threerecipients of a “Women ofVision Award” by the AnitaBorg Institute of Women andTechnology (ABI). The recipientswill honored for their accom-plishments and contributions aswomen in technology at ABI’sfifth annual Women of VisionAwards Banquet at the MissionCity Ballroom, Santa Clara, CAon May 12, 2010.

Professor McKeown also hosteda NACLO (North AmericanComputational LinguisticsOlympiad) site at Columbia in February. The NACLO is an Olympiad for high schoolstudents to expose them tocomputational linguistics andproblem solving. More than1100 students participated in the Olympiad across thecountry, including 58 studentsparticipating at Columbia.

T.C. ChangProfessor ofComputerScience andComputerScienceDepartmentChair Shree

Nayar has been awardedCarnegie Mellon University’s2009 Alumni AchievementAward, which recognizes an

individual for exceptionalaccomplishments that havebrought honor to the recipientand to Carnegie Mellon. He is being recognized for his “pioneering research contribu-tions and teaching in the fieldof computer vision.”

ProfessorRocco Servedio

was promotedto the rank of AssociateProfessor with tenure.

Professor Sal

Stolfo wasguest editor of a SpecialIssue of theIEEE Securityand PrivacyMagazine on

Insider Threats (Nov/Dec 2009).Professor Stolfo also organizedand chaired the National CyberDefense Financial ServiceWorkshop, which was held inOctober 2009 at the FinancialService Roundtable inWashington, DC. The officialworkshop report can be foundat www.cs.columbia.edu/ncdi-fi-workshop and http://ncdi.nps.edu/.

Edwin HowardArmstrongProfessor ofComputerScienceJoseph F.Traub

has beenappointed

to the Division Committee on Engineering and PhysicalSciences (DEPSCOM) of the National Academies in Washington, DC. TheCommittee provides advice andstrategic insights to boards andstanding committees within itspurview. The DEPS portfolioranges from disciplinary boardssuch as mathematics, physics,computer science, and astrono-my to boards and standingcommittees serving each of themajor military services as wellas the intelligence communityand the Department ofHomeland Security.

Also, after 10 years of serviceProfessor Traub has steppeddown as Chair of the ComputerScience and TelecommunicationsBoard (CSTB). He served asfounding chair from 1986 to1992 and served again from2005 to 2009.

Postdoc Sean

White wasnamed one ofthis year’s 2009Tech AwardLaureates for his workaddressing

environmental issues. The TechAwards 2009, a humanitarianprogram recognizing technolog-ical solutions aimed at world-wide challenges, selected 15Laureates from a pool of 650nominations representing 66countries. Dr. White won forhis work on the mobile, hand-held, and augmented realityversions of the Electronic FieldGuide. The 2009 Tech AwardsLaureates represent regions asdiverse as Nigeria, Brazil, GreatBritain, the United States andBangladesh. The Laureates andformer Vice President Al Gore,this year’s James C. MorganGlobal Humanitarian Awardrecipient, were recognized at The Tech Awards Gala onNovember 19th at the San JoseMcEnery Convention Center.

Department News & Awards (continued)Knarig

Arabshian

(PhD ‘08) is a Member ofTechnical Staffat Alcatel-Lucent BellLabs. Initially,

she joined the team in Antwerp,Belgium. After working there for almost a year, she recentlytransferred to Murray Hill, NJand resides once again in theColumbia University neighbor-hood. Her current research isfocused on building a systemthat uses ontologies for context-aware tagging of resources onthe Internet. She is also workingon describing and composingservices using ontologies inorder to create personalizedmashup applications.

German

Creamer

(PhD‘06) writes, “After I left school in 2006, Ijoined the Risk,Information and

Banking division of AmericanExpress as a manager, andthen I was promoted to seniormanager. I worked in projectsrelated to data mining anddirect marketing and enterprise-wide risk management. Irecently co-authored with myformer advisor Sal Stolfo thepaper “A Link Mining Algorithmfor Earnings Forecast andTrading” at Data Mining andKnowledge Discovery, and alsoco-authored with my formeradvisor Yoav Freund the paper“Automated Trading withBoosting and Expert Weighting”which is accepted for publica-tion at the Quantitative Financejournal. I recently joined theStevens Institute of Technologyas an associate professor in quantitative finance andfinancial engineering.

Homin Lee

(PhD‘09) isdoing postdoc-toral researchwith ProfessorAdam Klivans at UT-Austin.

AdjunctAssociateProfessorAlexander J.

Pasik (BA ‘82,MS ‘84, PhD‘89) has joinedIEEE as the

Chief Information Officer andStaff Executive, InformationTechnology. For the past threeyears, Alex has been leading all information technologyactivities worldwide for theSolomon R. GuggenheimFoundation, with museums inNew York, Venice, Bilbao, andBerlin. Previously, he was CEOand founder of Pasik AdvisoryGroup, where his clientsincluded Bain & Company andCitigroup. He also was a directadmit partner with Ernst &Young LLP, where he focusedon enterprise architecture andnew technology implementa-tions for clients in a variety of industries. Prior to that, heserved as Vice President andDirector of IT Equity Researchat Lazard Freres & Company,and was ranked in the top tenof U.S. software analysts in1997. Alex’s PhD thesis advisorwas Professor Sal Stolfo.

Julia

Stoyanovich

(PhD ‘09) wasawarded a highly selectiveComputingInnovationFellowship. She

has a postdoctoral position at University of Pennsylvaniawhere she is working withProfessor Susan Davidson.

Michelle Zhou

(PhD‘99) wasnamed an ACMDistinguishedScientist. Dr. Zhou is a research manager at

IBM T.J. Watson ResearchCenter, where she managesthe department of intelligentmultimedia interaction. ACMDistinguished Scientists arenamed in recognition of theirindividual contributions to boththe practical and theoreticalaspects of computing andinformation technology. TheACM Distinguished Memberprogram, of which the ACMDistinguished Scientists pro-gram is a part, can recognizethe top 10 percent of ACMworldwide membership basedon professional experience as well as significant achieve-ments in the computing field.

Alumni News

Professor Sal Stolfo

Professor Junfeng Yang

Professor Angelos Keromytis

18 CS@CU SPRING 2010

Extra News

Computer ScienceDepartment FacultyParticipate inElementary SchoolScience Expo

On Saturday February 6, more than 30 scientists from Columbia Universityand elsewhere led a Science Expo atThe School at Columbia, a University-affiliated elementary school inMorningside Heights.

Each scientist manned an interactive museum-style exhibit and explained the great questionsthat motivate and inspire their work to hundredsof elementary school attendees and their families.

The Computer Science Department was well-represented at the Science Expo. Professor DanaPe’er co-organized the event, and ProfessorsSteven Feiner, Dana and Itsik Pe’er, and RoccoServedio all led exhibits.

CS@CU SPRING 2010 19

Professor Dana Pe’er and Dean FenioskyPena-Mora choose elementary schoolstudents’ science questions to be readaloud to the audience.

Professor StevenFeiner adjusts a visitor’s headset as part of his inter-active exhibit onvirtual reality.

Professor Rocco Servedioexplains the finer pointsof dynamic programming.

Professor Itsik Pe’erhelps elementaryschool students decodethe mysteries of DNA.