Skip to Content

CSE News

  • Bioinformatics Pioneers Launch First Online Bioinformatics Specialization on Coursera

    Next week, learners around the world will have the opportunity to enroll in a series of courses designed for biologists eager to gain computational skills and for computer scientists who want to explore the frontier of bioinformatics. UC San Diego will launch its six-course Specialization in Bioinformatics on Coursera, which culminates in a Capstone Project using software tools and big data provided by Illumina, a leading company in genome sequencing and the emerging field of personalized medicine.

    The new Bioinformatics Specialization will allow learners to earn a Specialization Certificate that serves as a mini-degree in this fast-growing, cutting-edge field. “Our online courses are identical to a core class in the Bioinformatics and Systems Biology Program at the University of California, San Diego, one of the top programs in the world. Actually, they have even more content,” said Pavel Pevzner, a professor of computer science and engineering at UC San Diego, who co-developed the Specialization with longtime colleague Phillip Compeau (far right with Pevzner), who this month joined the computational biology faculty at Carnegie Mellon University. “In fact, the Specialization will cover twice as much material as we teach in our UC San Diego course, so online learners can acquire world-class skills, even if they don’t know anything yet about biology – or computer programming.”

    The Bioinformatics Specialization gives learners the option of participating in one of two separate tracks: one for students who already have programming skills, the other designed largely for biologists who don’t code but do want to learn how to use popular bioinformatics tools to solve practical problems.

    “Biologists use bioinformatics tools such as BLAST in their daily lives,” said Compeau. “BLAST is like the Google of biology: everybody uses it, even if they don’t know how it works. But it’s important for a biologist to know how BLAST works to avoid pitfalls, so we explain how these tools work even if the learner doesn’t know how to program.” Learners who already know how to program will take a “hacker track” that will automatically test their programming skills using over 100 algorithmic puzzles motivated by modern biology.

    Each of the Bioinformatics courses will run for four weeks, and the starter course in the series, Finding Hidden Messages in DNA, will begin August 31 and replay every six weeks. Subsequent courses include: Genome Sequencing; Comparing Genes, Proteins, and Genomes; Deciphering Molecular Evolution; Genomic Data Science and Clustering; and Finding Mutations in DNA and Proteins. These courses are followed by a Capstone Project, Big Data in Biology, which includes challenges in bioinformatics and personalized medicine developed jointly with scientists at Illumina. “In the Capstone, students will face the same kind of challenges that researchers in the biotech and pharmaceutical industry face,” said Compeau. Pevzner added, “Each section of the Capstone will include a motivating example illustrating how the emerging field of personalized medicine has contributed to decoding the causes of mysterious diseases that traditional approaches failed to diagnose.”

    All sections of the Capstone have been developed jointly with scientists led by Semyon Kruglyak, the Senior Director of Informatics Research at Illumina. “Illumina cares about education.  We offer continued education to our own scientists, and we have the BaseSpace cloud platform that thousands of biologists around the world use.  We are making our data sets and analysis on BaseSpace available to people taking these courses,” said Kruglyak. “Illumina is most interested in educating biologists in bioinformatics because bioinformatics plays an important role in experimental design and data interpretation, but the subject is largely missing from even some of the best biology programs.  This course seems like an ideal way to close that gap quickly.”

    Plus, noted Kruglyak, “success in this Specialization could lead to Illumina job opportunities, because the company is looking for employees who can tackle biological Big Data.”

  • Computer Science at UC San Diego #14 in Global Ranking

    Computer science at UC San Diego is ranked #14 in the world, and #13 in the United States, according to the 2015 Academic Ranking of World Universities (ARWU). For the third year in a row, UC San Diego overall was also ranked the #14 best university in the world (#12 in the U.S.), while the engineering program in general also ranked #14. The rankings are released by the Center for World-Class Universities at Shanghai Jiao Tong University. 

    In addition to broad subject fields such as life sciences and engineering, ARWU ranks schools in five specific fields. Among those, UC San Diego's best performance was in computer science (#14), trailed by chemistry (#18), economics (#19), mathematics (#30), and physics (which ranked below #51).

    “It is an honor for UC San Diego to be recognized as a world-class university with strengths across multiple disciplines,” said Chancellor Pradeep K. Khosla. “This recognition can be attributed to our stellar faculty and outstanding students who are dedicated to producing research that changes lives, solves critical problems and benefits society.”

    The Academic Ranking of World Universities uses five indicators to evaluate world universities in the computer science field: the number of alumni and staff winning Turing Awards; the number of highly-cited researchers in computer science; the number of articles indexed in the Science Citation Index - Expanded in Computer Science fields; and the percentage of paper published in the top 20% of computer science journals compared to total publications in all computer science journals.

    Given that UC San Diego is a relatively young campus and that CSE boasts no alumni nor current staff winners of the prestigious Turing Award (the highest in computer science), the university gets zero points on the first two scores that make up 25% of the total field score. On the other hand, CSE has a strong track record publishing in top journals and getting cited by other academics, which largely accounts for the score that qualified the department to be ranked #14 in the world.

  • Alumnus, Postdoc Offer Way to Make Embedded Systems More Secure

    CSE postdoctoral researcher Karl Koscher (near left) was the first author on another paper presented at the Workshop on Offensive Technologies, jointly with Microsoft’s David Molnar and CSE alumnus Tadayoshi Kohno (PhD ’06) (far left), who was Koscher’s advisor at the University of Washington. They presented a system called SURROGATES to emulate and instrument embedded systems in near-real time, enabling a variety of dynamic analysis techniques. To do so, the researchers used a custom, low-latency FPGA bridge between the host’s PCI Express bus and the system being tested, giving the emulator full access to the system’s peripherals. Koscher and his co-authors built and evaluated a system that enables dynamic analysis of embedded systems at an unprecedented scale. “This will ultimately enable embedded systems developers to take advantage of several dynamic analysis techniques that were previously available only to traditional software developer,” they noted in the paper’s conclusions, “allowing them to deliver safer and more secure embedded systems.” The findings could ultimately offset some of the security concerns related to the Internet of Things, which is effectively a massive network of embedded systems.

    In a related story, a former CSE postdoc, Damon McCoy (right), also had a paper on the WOOT 2015 program. McCoy, who recently moved from George Mason University to the International Computer Science Institute in Berkeley, is the senior author on “Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis.”  Email filtering is the primary defense against email phishing attacks, and McCoy proposes a system that uses generative grammars to create large sets of unique phishing emails, which are then used for ‘fuzzing’ input against email filters. As the authors concluded, “this approach can be used to ensure the delivery of emails without the need to white-list” email from reliable sources.

    Read the full paper “SURROGATES: Enabling Near-Real-Time Dynamic Analyses of Embedded Systems”.
    Read the full paper “Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis”.

  • Pinpointing a Security Vulnerability in How Computers Use Memory

    In the Workshop on Offensive Technologies (WOOT) where the paper on automotive hacking was presented (see stories above), another former member of CSE’s Security and Cryptography group had new research to present. 

    CSE alumnus Stephen Checkoway (PhD ‘12) presented a paper with the eye-catching title, “Run-DMA”. Checkoway (pictured as a CSE grad student), who recently moved from Johns Hopkins University to the University of Illinois at Chicago, was referring to the direct memory access (DMA) hardware engines used by computers to transfer data into and out of main memory. DMA engines are designed to free up CPU cycles to perform more challenging computations. According to Checkoway’s paper with Johns Hopkins PhD student Michael Rushanan, they showed that “the ability to chain together such memory transfers, as provided by commodity hardware, is sufficient to perform arbitrary computation.” This opens up the DMA engine to “malicious behavior”, and the researchers built a proof-of-concept DMA rootkit that modifies kernel objects in memory to perform “privilege escalation for target processes.” The researchers were the first to build malware entirely out of DMA data transfers, and they considered a variety of countermeasures that could be helpful in containing the security risk associated with DMA engines – up to a point. “Given the current lack of strong defenses against DMA abuse and the ability of DMA to do both Turing-complete and resource-complete computation,” concluded Checkoway and Rushanan, “it is clear that more work on secure defenses is needed.”

  • Fast and Vulnerable

    A recent alumnus of CSE’s BS/MS program, Ian Foster (MS ’15), gave a high-profile talk this week at the Aug. 10-11 USENIX Workshop on Offensive Technologies (WOOT 2015) in Washington, D.C., on the eve of the much larger USENIX Security conference. Foster (who is now at Salesforce), CSE Prof. Stefan Savage, Qualcomm Institute programmer-analyst Andrew Prudhomme (who worked on the project in Savage’s CSE 227 class), and CSE postdoctoral researcher Karl Koscher made international headlines with their paper, "Fast and Vulnerable: A Story of Telematic Failures." The researchers examined a popular aftermarket telematics control unit (TCU), which connects to a vehicle via the standard On Board Diagnostics (OBD-II) port, usually below the steering wheel. TCUs are often provided free of charge by auto insurance companies such as Progressive (with its Snapshot dongle) in return for the promise of lower rates, because TCUs can keep track of every time the driver pumps the brakes or presses the accelerator, etc. Indeed, virtually all computerized functions of a car, including lighting and HVAC, can be accessed through the OBD-II port, and the danger is enhanced because TCUs have built-in external networking -- which makes it easier for a hacker to get access to the car's computerized controls.

    "We show that these devices can be discovered, targeted, and compromised by a remote attacker and we demonstrate that such a compromise allows arbitrary remote control of the vehicle," according to the paper’s authors. "This problem is particularly challenging because, since this is aftermarket equipment, it cannot be well addressed by automobile manufacturers themselves." Indeed, a hack can be as easy as sending a text message to disable the car's brakes (as long as the auto is not going over five miles an hour).

    With funding from NSF and UC San Diego's Center for Networked Systems (CNS), the researchers looked specifically at one TCU built by Mobile Devices and distributed by insurance company Metromile, one of many companies that use the device. Metromile provides discounted per-mile insurance to Uber drivers willing to hook the TCU dongle into their car’s dashboard. For the study, a Corvette was used, but any late-model automobile would probably have had similar issues. Pictured in the Corvette: co-authors Karl Koscher (left) and Ian Foster. (Photo courtesy Wired magazine) The researchers were able to demonstrate both local and remote vulnerabilities, resulting from a combination of bad architectural decisions (e.g., the design of the update protocol) and particular configuration options (e.g., the use of text messaging and debugging features in production deployments and the use of identical keys and passwords among such devices). In their experiments with the Mobile Devices TCU, the researchers documented a number of vulnerabilities, including a complete remote compromise via text message. In their paper, the researchers showed how, once compromised, the TCU makes it possible "to remotely control safety-critical automobile features", e.g., the brakes.

    Savage told reporters that Mobile Devices subsequently issued a software update to prevent some of security flaws. "We take these devices far too lightly," Savage told CNN. "This is a class of device that should be considered the same way we consider a medical device. It's a dangerous object that needs to be designed with care." 

    The researchers offered some tips on improving the safety of TCUs, such as firewalls at the controller area network (CAN) bus that allows automotive devices to communicate with each other. However, they warned that in the long run, the auto industry "will require stronger mechanisms for code signing, authentication, and for limiting what kinds of communications a particular device can engage in." CSE’s Savage says that Metromile has been “super responsive” to the researchers’ security findings. Said Savage: “They tell us that they’ve updated all of their units over the air, and that they are no longer vulnerable.” Other companies that make or offer TCUs for fleet management, tracking, insurance and other industries will hopefully follow suit, although there is no proof yet that a completely secure TCU is even possible.

    Read the full paper, "Fast and Vulnerable: A Story of Telematic Failures".

  • Five Years On, Car Hacking Research Still Triggering Alarms

    Research dating back to 2010 in the lab of CSE Prof. Stefan Savage is still making headlines. In an article published by dozens of newspapers this week, the Associated Press reported that hackers are still able to hack automotive systems from a distance -- forcing Fiat Chrysler to become the first automaker to recall cars to patch a cybersecurity problem. It recalled 1.4 million Jeeps after a Jeep in St. Louis was hacked by "white hat" hackers using a laptop in Pittsburgh. In the AP article, CSE alumnus Yoshi Kono, who worked with Savage and continues to work on cybersecurity as a professor at the University of Washington, notes that the "adversary only needs to find one way to compromise the system, where a defender needs to protect against all ways" of hacking a car.

    Professor Savage was also interviewed for the story. He praised Tesla for hiring a cybersecurity officer with power to make changes, but other automakers have been slow to act. He also noted that software can have vulnerabilities an automaker may not know about, because radios and other devices often have software owned by the outside supplier. Savage is also quoted as saying that it's difficult to isolate radios, locks and other features from computers that move and stop the car, noting that after a crash, cars are programmed to unlock their doors. He also predicts that all automakers will speed up plans for instant Internet software updates. "I'd be shocked if everyone doesn't deploy this stuff in the next few months," said Savage. "They can't afford not to."

  • CSE Students, Alumnus and Faculty Build RIFFA for FPGA

    CSE students have built a Reuasble Integration Framework for FPGA Accelerators (RIFFA) for communicating data from a computer processor to a Field Programmable Gate Array (FPGA). The open-source technology, which can be used with any FPGA vendor on Windows or Linux, could lead to faster design times and higher profit margins for a wide range of industries.

    The FPGA is analogous to a bucket of Legos®. It's essentially programmable hardware with "logic blocks" that can be configured by a manufacturer after purchase to perform a set of functions. FPGAs are often used as replacements for application-specific microchips and/or software because they are respectively cheaper and faster (both computationally and design-wise) compared to the two alternatives. Specific applications of FPGAs include highly-intensive computing applications that require many computing resources over a long period of time, such as digital signal processing, medical imaging, computer vision and bioinformatics.

    On the flip side, FPGAs "are pretty low-level and bare-metal," said CSE Prof. Ryan Kastner (at left), a trait that also has made them historically cumbersome to use and error-prone, since they lack the testing abstractions of programming languages.

    "FPGAs don't have an infrastructure like Windows or Linux, where you can plug in a device like a camera and the camera will be recognized," said Kastner. "There are very few people in the world who understand the level of abstraction involved in programming an FPGA. Because it's programmable hardware, it provides a lot of flexibility, but that can also be the problem. It's a rope and you can do whatever you want with that rope, including tie yourself in knots."

    RIFFA was designed by CSE alumnus and Google employee Matt Jacobsen (pictured at right receiving best-poster award at Research Expo 2014) and is being further developed by CSE graduate student Dustin Richmond. RIFFA greatly simplifies both the software and hardware interfaces involved in the use of FPGAs, requiring only a PCIe enabled workstation and a FPGA on a board with a PCIe connector.

    "While you may not know it, PCIe is a common protocol found in almost every desktop, server and laptop," Kastner adds, "thus, this is a step toward making FPGAs more ubiquitous. This can lead to substantial energy savings, since FPGAs provide orders of magnitude improvements in power consumption compared to the same application running on a CPU."

    RIFFA also makes it possible to load multiple FPGAs with only a few lines of code and no special knowledge of bus addresses, buffer sizes, PCIe packet formats and other protocols previously required for programming FPGAs. "The way RIFFA came about is that we've had all these different projects, different companies and different people on campus who kept reinventing the wheel," says Richmond (at left), "and the result was that everybody was communicating between CPUs and FPGAs poorly. We decided our focus would be on the application and not the 'plumbing.' We spent years developing RIFFA as something very easy to use and very portable. Essentially, we've abstracted away all of the plumbing."

    Kastner and Richmond cite Cognex Corporation - a manufacturer of machine vision and other components used in automated manufacturing - as an industry partner that has already made use of RIFFA. One of the company's sensor-equipped scanners, for example, is designed to determine faults in 3D models of parts as they are moving along an assembly line at a speed of 100,000 frames per second. Employees of Cognex used RIFFA in an initial research prototype to make use of fewer scanners in order to "run the assembly line as fast as possible and increase their profit margin," explains Richmond, "which is obviously in their best interest."

  • Undergraduate Summer Research Showcase

    More than 300 UC San Diego undergraduates from CSE and other departments will present faculty-mentored research to peers, professors and the general public at the annual Summer Research Conference on Aug. 13. The conference is organized by UC San Diego Academic Enrichment Programs and is open to college students of all majors from across the region.

    CSE is represented in several ways. Some of the students are majoring in computer science. They include Jordan Yoshihara, who is working with a mentor from the Education Studies Department to analyze the experiences of six third-grade students and what motivated them to learn math. Yoshihara (at right) is about to start her senior year. Jose Valdes, a computer-science major mentored by CSE Prof. Shachar Lovett, is tackling the complexity of the 'planted clique' problem, while Marie Rosario, who is double majoring in computer science and math, is pursuing a study on undocumented students in U.S. higher education "and how they navigate through their institution in regards to limited opportunities because of their status."

    Separately, a few CSE faculty members are mentoring students from other majors. For example, CSE Prof. Tajana Rosing is mentoring an electrical-engineering major, Jahya Burke, for a project on "clustering for large sensing networks" and utilizing a device hierarchy to reduce complexity. CSE Prof. Gary Cottrell, meanwhile, is mentoring psychology major Jacqueline Castro on "measuring object similarity: mapping emotional faces and words" which will rely on input from participants recruited through the crowdsourcing Amazon Mechanical Turk service to arrange emotional faces based on perceived similarity.

    Finally, in one case, a CSE professor, Sorin Lerner (at left), is mentoring a computer-science undergraduate from Texas Southern University who aims to create a simulator that focuses on proofs and puzzles to highlight the transformation rule (to help computer scientists and mathematicians replenish their understanding of Boolean logic).

    The conference is the conclusion of an intensive research program, which begins in late June and involves an eight- or ten-week research apprenticeship with a faculty member, matched by student research interests. In addition to conducting original research for at least 30 hours per week, undergraduates are trained how to write a research paper and communicate findings at a conference as well as how to prepare for and succeed in graduate school.

    UC San Diego students receive four units of independent study credit, and all undergraduates who participate in the Summer Research Program are provided with free on-campus housing for the summer and a fellowship stipend. The support is provided by several mentorship and scholarship programs under the umbrella of Academic Enrichment Programs, including the California Louis Stokes Alliance for Minority Participation (CAMP) in Science, Engineering and Mathematics program, which provides opportunity to underrepresented students seeking advanced degrees in those fields; the McNair Program—a year-long federal outreach program funded by the U.S. Department of Education that prepares first-generation, low-income and underrepresented students for doctoral study; as well as numerous undergraduate research scholarships.

  • MystartupXX Wins SBA Funding to Support Female Tech Entrepreneurs

    Female alumni from CSE and other Jacobs School of Engineering departments will, for the first time, be eligible to compete for support as part of the mystartupXX accelerator program. MystartupXX is a partnership of the engineering school and the Rady School of Management, and it has just been awarded its second $50,000 grant from the U.S. Small Business Administration (SBA) as a winner of the national Growth Accelerator Fund competition.
    MystartupXX nurtures the next generation of female founders and female-led technology startups through mentorship, education and funding. The program is designed to encourage and aid female students from across campus to create innovative, technology-driven companies. Since its founding in 2012, the mystartupXX program has supported cohorts of female student entrepreneurs (and female-led teams), but for applicants in 2015, recent alumnae will also be eligible to apply for admission (applications due in October).
    The judges reviewed 400 applications before selecting the 80 winners from across the U.S. The winners were announced at the first-ever White House Demo Day on Aug. 4 (see article below on Cocoon Cam presentation). The event highlighted the accomplishments and efforts surrounding the American entrepreneurial and innovation engine.
    “Winning this prestigious award from the SBA will enable the work of the mystartupXX program to grow and expand to include UC San Diego alumni," said Lada Rasochova, the mystartupXX program director. "We have already had many successful outcomes from program participants and this award will help us continue to provide the tools female-led technology startups need to excel in the innovation economy.”
    In the past three years, fiive mystartupXX startup companies have been launched, including Giventure (originally called Bystanders to Upstanders), led by CSE undergraduate Sneha Jayaprakash (right) and a team of mostly female CSE students who have developed an app that enables volunteers, volunteer organizations and nonprofits to connect. In addition, more than $8 million has been raised by startups affiliated with mystartupXX, over 130 jobs have been created, and products on the market are generating more than $1 million in revenues. Two mystartupXX companies were also admitted to other prestigious incubator and accelerator programs.
    “MystartupXX aims at leveling the playing field for female technology entrepreneurs in particular in terms of access to funding and to a strong support network that will serve as a launch pad for their success,” said Rosibel Ochoa, senior executive director of Entrepreneurism and Leadership Programs at the Jacobs School, and co-director of the mystartupXX program.
  • CSE and Facebook at SIGCOMM 2015

    A team from CSE is getting ready to attend the flagship annual conference of the ACM Special Interest Group on Data Communication on applications, technologies, architectures and protocols of computer communication. The week-long SIGCOMM 2015 takes place in London, UK, starting Aug. 17, and three CSE faculty members will attend – George Porter, Alex Snoeren and Geoffrey Voelker – as will PhD student Arjun Roy (PhD ’16) (at left). The reason? When Roy interned at Facebook, he worked on a project to measure their datacenter network. The results of the joint UC San Diego-Facebook investigation are to be published in a paper at SIGCOMM: "Inside the Social Network's (Datacenter) Network." Snoeren and Porter co-authored the article with grad student Roy and two colleagues from Facebook, Hongyi Zeng and Jasmeet Bagga.

    As they point out in the paper, the co-authors note that "datacenter operators are generally reticent to share the actual requirements of their applications, making it challenging to evaluate the practicality of any particular design" of network fabrics to interconnect and manage traffic within large-scale datacenters. Most prior studies were based on Microsoft workloads, which may not be representative of other cloud services, so having access to some of Facebook's datacenters and workloads breaks new ground in showing how networking inside datacenters is handled. "While Facebook operates a number of traditional datacenter services like Hadoop, its core Web service and supporting cache infrastructure exhibit a number of behaviors that contrast with those reported in the literature," according to the paper's abstract. "We report on the contrasting locality, stability, and predictability of network traffic in Facebook's datacenters, and comment on their implications for network architecture, traffic engineering, and switch design."

    First author Arjun Roy and his co-authors from UC San Diego and Facebook conclude that Facebook's datacenter network supports a variety of distict services that exhibit different traffic patterns that differ substantially from those in previously published studies. "The different applications, combined with the scale (hundreds of thousands of nodes) and speed (10-Gbps edge links) of Facebook's datacenter network result in workloads that contrast in a number of ways from most previously published datasets," they note. "Space constraints prevent us from providing an exhaustive account, [but] we describe features that may have implications for topology, traffic engineering, and top-of-rack switch design."

    Given the interest in the UC San Diego-Facebook paper, SIGCOMM is also publishing a public review of the research, by Microsoft engineer Srikanth Kandula, who highlighted some "novel and interesting measurements." For example, more than 80 percent of traffic in a Hadoop cluster crosses racks (i.e., there was less rack 'locality' than in previous studies on other datacenters). Kandula also notes that "the overall network link utilization is quite small -- an average of less than 10 percent on all potential bottlenecks," noted Kandula, adding that "the other dominant application at Facebook is memcached-style request-response workload, which comprises primarily of small packets and has some specific traffic patterns." [Pictured at right: Per-second traffic locality by system type over a two-minute span: clockwise from top-left, Hadoop, Web server, cache follower, and leader.]