http://www.computer.org/computer Computer, the flagship publication of the IEEE Computer Society, publishes peer-reviewed technical content that covers all aspects of computer science, computer engineering, technology, and applications. The articles selected for publication are edited to enhance readability for the general Computer reader. Computer is a resource that practitioners, researchers, and managers can rely on to provide timely information about current research developments, trends, best practices, and changes in the profession. en-us Wed, 4 Jan 2012 11:00:01 GMT http://csdl.computer.org/common/images/logos/computer.gif List of recently published journal articles http://www.computer.org/computer http://doi.ieeecomputersociety.org/10.1109/MC.2011.388 In the past decade, we have seen development and wide deployment of novel systems for both data analysis and serving that scale out on demand, relying on massively distributed architectures with clusters of thousands of machines and with data replicated for fault-tolerance and low-latency reads; in some cases, replicated worldwide across tens of data centers. These new systems, in particular those designed for real-time data serving and update workloads, have provided ample illustration of the realities of the CAP theorem. They have taken diverse approaches to reconciling consistency with availability and performance, and in this paper, we will review the current landscape and speculate on what the future might hold. Specifically, we advocate research in providing a spectrum of consistency choices. We start by reviewing PNUTS' timeline consistency model, Amazon's eventual consistency model, and Google's entity group consistency model. We discuss these models, contrast them with the traditional ACID model of database consistency, and suggest directions for research. Our perspective is informed (and perhaps biased) by our experience with the PNUTS system at Yahoo!. http://doi.ieeecomputersociety.org/10.1109/MC.2011.388 http://doi.ieeecomputersociety.org/10.1109/MC.2012.1 Offering strong data protection to cloud users while enabling rich applications is a challenging task. We explore a new cloud platform architecture called Data Protection as a Service, which dramatically reduces the per-application development effort required to offer data protection, while still allowing rapid development and maintenance. http://doi.ieeecomputersociety.org/10.1109/MC.2012.1 http://doi.ieeecomputersociety.org/10.1109/MC.2012.2 Epic software engineering failures are nothing new in the federal government, but for the FBI, they are particularly bitter. The bureau has failed twice in 10 years to build a case management system for its agents. We wasted $451 million on the last attempt, $621 million if you include our first one, the Virtual Case File (VCF), another failed government information technology (IT) program piled onto history’s ash heap. Our plan was to automate the hellish paper processes faced by FBI’s special agents. Instead, their hopes were crushed twice, forcing them to continue managing cases and evidence in ways that have not improved dramatically since the days of J. Edgar Hoover. How did this happen? What can be done? And who are the “UNSUBs” (FBIspeak for “culprits”) here? Sadly, the FBI is not alone—these failures are chronic in government. The Office of Management and Budget (OMB) estimates that over the past decade the federal government has spent $600 billion on IT programs that have under delivered or not delivered at all. This must be fixed. In a day and age of roaring budget deficits, the government can no longer afford to build IT the same way. http://doi.ieeecomputersociety.org/10.1109/MC.2012.2 http://doi.ieeecomputersociety.org/10.1109/MC.2011.389 Almost twelve years ago, in 2000, Eric Brewer introduced the idea that there is a fundamental trade-off between consistency, availability, and partition tolerance. This trade-off, which has become known as the CAP Theorem, has been widely discussed ever since. In this paper, we review the CAP Theorem and situate it within the broader context of distributed computing theory. We then discuss the practical implications of the CAP Theorem, and explore some general techniques for coping with the inherent trade-offs that it implies. http://doi.ieeecomputersociety.org/10.1109/MC.2011.389 http://doi.ieeecomputersociety.org/10.1109/MC.2011.387 CAP explores tradeoffs between {Consistency, Availability and Partition tolerance}, concluding that a replicated service can possess just two of the three. The theorem is proved by forcing a replicated service to respond to conflicting requests during a partitioning failure, triggering inconsistency. But there are replicated services for which the applicability of CAP is unclear. Here, we look at scalable “soft-state” services that run in the first-tier of a single cloud-computing data center. The puzzle is that such services live in a single data center and run on redundant networks. Partitioning events involve single machines or small groups and are treated as node failures; thus, the CAP proof doesn’t apply. Nonetheless, developers believe in a generalized CAP “folk theorem,” holding that scalability and elasticity are incompatible with strong forms of consistency. We present a first-tier consistency alternative that replicates data, combines agreement on update ordering with amnesia freedom, and supports both good scalability and fast response. http://doi.ieeecomputersociety.org/10.1109/MC.2011.387 http://doi.ieeecomputersociety.org/10.1109/MC.2011.386 This paper introduces visualization techniques for Cultural Analytics, an interdisciplinary new field devoted to the exploration of large cultural data sets by means of interactive and intuitive visual analysis techniques. These techniques are aimed at scholars working in a number of disciplines including art, art history, film and media studies, who need to analyze large image collections in their work. A particular challenge in this domain is that well-defined goals and hypotheses are often not available beforehand, and instead are developed and refined throughout the cultural analytics process. The presented cultural analytics environment uses a large-scale collaborative digital workspace and out-of-core visual analysis techniques to allow researchers to progressively develop and refine hypotheses and gain new insights into large, digital image collections. http://doi.ieeecomputersociety.org/10.1109/MC.2011.386 http://doi.ieeecomputersociety.org/10.1109/MC.2011.385 The rapid adoption of multi-processor computers creates a perfect environment for parallel EDA algorithms. Among various EDA applications, parallel logic simulation seems to be the most promising --- it has been studied for decades and recent research continues to promise improvements. As processors are becoming faster and designs are getting larger, one would expect better performance from parallel simulation. However, this is typically not the case. Is parallel logic simulation a myth or reality? In this article we answer this question by explaining why speed-up is actually more difficult to achieve in the real world and why pitfalls in evaluating simulation speed-up can give false promises. We then describe designs and applications suitable for parallel simulation. Finally, we evaluate variants of parallel simulation platforms and suggest the type of problem that can be better solved by each variant. http://doi.ieeecomputersociety.org/10.1109/MC.2011.385 http://opac.ieeecomputersociety.org/opac?year=2011&volume=44&issue=12&acronym=computer Computer http://www.computer.org/portal/site/computer/ http://doi.ieeecomputersociety.org/10.1109/MC.2011.353 The requirements for infrastructure software differ from those of many applications. This paper considers implications of the more stringent correctness, reliability, efficiency, and maintainability requirements on infrastructure software. It argues that up-front design, static structure enforced by a type system, compact data structures, and simplified code structure are essential. So is improved tool support. Education for infrastructure developers should differ from that of application developers to reflect that. The discussion is driven by a few small illustrative code examples: Code matters; all else is built on top of code. http://doi.ieeecomputersociety.org/10.1109/MC.2011.353 http://doi.ieeecomputersociety.org/10.1109/MC.2011.327 The shifting foundation of computing poses a plethora of exciting research and development challenges. The explosive growth of smartphones is creating a looming spectrum shortage. Can cognitive radio technology shift the technical and business dynamics of communications to more nimble and adaptive spectrum usage? Projections of current trends suggest there will be more 50 billion Internet connected devices in just a few years. How can they best be managed and secured? Can we reconcile our historical notions of privacy and security, rooted in person and place, with the new world of cloud services and transnational data flows? Each of today’s cloud data centers contain more computing and storage capacity than the entire Internet did just a few years ago. How can we best design these systems for resilient and energy efficient operation? Predicting the future is always fraught with peril, as any retrospective examination of technology predictions will show. However, these technological and societal changes are so significant that we must consider their effects on the future of our research, computing education and broader societal responses. http://doi.ieeecomputersociety.org/10.1109/MC.2011.327 http://doi.ieeecomputersociety.org/10.1109/MC.2011.301 Two major IT trends have contributed to the transformation of enterprises in the last several years: Service-oriented architectures (SOA) and unified communications and collaboration (UCC) platforms. The former has allowed companies to move away from large monolithic systems into smaller componentized services, and to re-engineer their business processes. The latter has changed the the way that information spreads through an enterprise, from slow and inconsistent to immediate and pervasive. In this paper, we describe optimized interactive processes (OIP), which combines SOA and UCC capabilities into a new platform, enabling real-time coordination between physical, digital, and human systems. It supports finding, communicating, and collaborating between team members as part of a process, independent of the device and communication medium used by the individuals. It will automatically optimize the process by choosing the right individuals and communication mechanisms based upon dynamic, context-specific attributes. We demonstrate use-cases for this technology, such as orchestrating emergency response activities, facilitating consultations between doctors and specialists, and reacting in real-time to events detected by sensors. We discuss the key differentiating architectural components in an OIP system, and describe a prototype implementation. http://doi.ieeecomputersociety.org/10.1109/MC.2011.301 http://doi.ieeecomputersociety.org/10.1109/MC.2011.299 What is the potential for pervasive and mobile sensing and computing over the next decade, and the challenges that will have to be faced in order to realize this potential?. I describe a likely future by drawing on a unique, multi-year collaboration with the heads of major IT, wireless, hardware, health, and financial firms, as well as the heads of American, EU, and other regulatory organizations, and a variety of NGOs http://doi.ieeecomputersociety.org/10.1109/MC.2011.299 http://doi.ieeecomputersociety.org/10.1109/MC.2011.262 Information security vulnerabilities and threats are alive and well today, but this is nothing new. Attacks on data and telecommunications infrastructures have been going on since the development of those infrastructures, and the attacks adapt to the changing technology. This paper describes how the attack vectors have changed during the past 40 years, but the types of attacks remain eerily similar. http://doi.ieeecomputersociety.org/10.1109/MC.2011.262 http://doi.ieeecomputersociety.org/10.1109/MC.2011.261 Recent security reports reveal that cross site scripting (XSS) is among the top most serious and common security threats found in Web applications. XSS attack occurs when an attacker sends a malicious code to a victim through exploiting the poor handling of user input in a Web application. A wide variety of solutions from simple static analysis techniques to complex runtime protection mechanisms have been proposed to mitigate this problem. However, XSS flaws continue to exist in many Web applications mainly due to the developers’ lack of understanding of this problem, its solutions, and the limitations of the solutions. This article aims to provide the readers with guidance on the strengths and weaknesses of current techniques to defend against XSS exploits. It also discusses what might be the future research works to overcome the limitations of current techniques. http://doi.ieeecomputersociety.org/10.1109/MC.2011.261 http://doi.ieeecomputersociety.org/10.1109/MC.2011.260 In many industries (such as retailing or consumer services), choosing an appropriate site is one of the most important decisions for firms. This study proposes a graph-based method to address the business site selection problem from a perspective of “intraspecific competition,” which takes into account the fact that most business firms are not isolated but rather are connected and can be clustered as geographical agglomerations. The proposed method treats complex interconnections among business establishments as a graph, in which each link reflects the geographical distributions and quality of establishments. After constructing the graph of the dynamic economic environment, this study applies an automatic learning algorithm to derive the optimal locale for a new business establishment. Evaluations using both synthetic and real-world data illustrate both the underlying principle and the effectiveness of this proposed graph-based method. http://doi.ieeecomputersociety.org/10.1109/MC.2011.260 http://doi.ieeecomputersociety.org/10.1109/MC.2011.259 Web Applications are frequently deployed with critical security bugs that can be maliciously exploited. Avoiding such vulnerabilities depends on the best practices and tools applied during implementation, testing and deployment phases of the software development cycle. However, many times those practices are disregarded, as developers are frequently not specialized in security and face hard time-to-deploy constraints. Furthermore, the poor efficiency of existing automatic vulnerability detection and mitigation tools opens the door for the deployment of insecure web applications. Realizing the full benefits of secure coding and the limitations of existing tools requires rethinking the way we build web applications. This paper intends to discuss the devils behind the security of such applications. http://doi.ieeecomputersociety.org/10.1109/MC.2011.259 http://doi.ieeecomputersociety.org/10.1109/MC.2011.230 With mounting scientific evidence on both the benefits of dose escalation and the perils of normal tissue toxicity, and tremendous progress in the attainable precision of radiotherapy (RT) planning and delivery, achieving a high degree of geometric accuracy of the temporarily deforming organ has become ever more important in RT treatments. We propose a computational RT-guidance strategy where a 4D motion model is computed from 4D MRI and 3DCT. It can be used for RT planning. During delivery, the model is updated with real-time position information. The correspondingly updated fluence map can then be delivered. http://doi.ieeecomputersociety.org/10.1109/MC.2011.230 http://doi.ieeecomputersociety.org/10.1109/MC.2011.227 Security, data protection, trust management, authentication and authorization are crucial assets in the Internet of Services. We propose and illustrate On-line Testing as an important means to enhance trustworthiness among federated services that are often independently developed, deployed, and maintained. http://doi.ieeecomputersociety.org/10.1109/MC.2011.227