Bench Press

A few weeks ago, I had the pleasure of visiting the lovely California Palace of the Legion of Honor. While I expected the art within to be stunning, I was also amazed at how beautiful the museum and its surroundings are. If you live nearby or are ever in the area, I would highly recommend a visit.

If you are making a visit before July 4, 2010, and have a scientific bent, you’ll have another reason to visit: an exhibit which the Legion of Honor has called “Very Postmortem: Mummies and Medicine” in honor of the return of Irethorrou, an Egyptian mummy over 2500 years old which had been on loan from the museum since 1944.

While anyone even remotely fascinated by the Ancient Egyptians will find the exhibit interesting, what I was most struck by was that a large part of the exhibit was dedicated to what could be found by using modern CT scans and X-rays on the mummies. These scans were able to probe not only what amulets/objects were encased with Irethorrou (and hence help out with the understanding of Ancient Egyptian culture), but they were even able to take a deeper medical look at Irethorrou’s organs, muscles, and bones – and all of this without requiring any direct handling of the mummies (and hence risking damage to them).

With this information, they were able to create a facial reconstruction of what Irethorrou might have actually looked like and even tell a short story of Irethorrou’s medical history! By partnering with with Fovia, a Palo Alto-based company specializing in high resolution volume rendering technology, the exhibit also portrays a rich three-dimensional high-def video “fly-by” of the CT scan’s findings.

The potential of using modern medical technology on “non-traditional” subjects is only beginning to be tapped. A recent Wall Street Journal article reports on a fascinating study which took CT scans of mummies from the National Museum of Antiquities in Cairo, Egypt. They revealed, surprisingly, that some of the mummies (especially the older ones) showed the same artherosclerotic plaques which doctors see today in patients with heart disease, completely questioning the notion that such plaques were correlated with modernizing and the Western, sedentary, fast-food-intensive lifestyle. Or, as researcher Gregory Thomas puts it, "Not only do we have atherosclerosis now, it was prevalent as long as 3,500 years ago. It is part of the human condition."

What that finding could mean in terms of understanding the causes of cardiovascular disease is up to history to decide, but what shouldn’t be in question is the power of modern medical technology to shed light on the lives and health of ancient peoples.

California Palace of the Legion of Honor (link)

(Image credit – Legion of Honor website)

Nowadays, digital attacks are talked about almost as much as swine flu, and for good reason. Information stealing and identity theft are two major reasons why people should be wary of possible hacking vulnerabilities in their computer. While hacking is a very serious and destructive threat to security, a team of researchers headed by MIT professor Martin Rinard hope to provide a security blanket to defend against these malicious attacks. Using their new utility, ClearView, Rinard and his team plan to provide an application which will self-patch vulnerable software and detect anomalies within a program’s execution.

By monitoring the normal execution of a program, ClearView establishes guidelines for how a program should run normally and correctly. Once a program’s normal behavior is established, the program is probed by ClearView and checked to see that its execution proceeds according to the standard guideline that was set for it. In Rinard’s paper, Rinard and his team issues a procedure that ClearView takes to identify possible vulnerabilities:

1. Learning: While a subject program is running, ClearView dynamically observes the program’s behavior and tries to identify certain rules which always hold true during its execution, called invariants. Invariants may include what locations in memory the program is likely to access or what values certain variables should hold. One attribute of ClearView is that the more executions a program runs, the better information ClearView has to prevent attacks.
2. Monitoring: Once ClearView establishes what invariants the program has, it proceeds to classify each execution of a program as either correct or incorrect.
3. Correlated Invariant Identification: Once a failure has been detected, ClearView proceeds to apply a series of patches which create “a set of correlated invariants.” These patches do not fix the error, but finds groups of invariants which categorize normal and invalid execution.
4. Candidate Repair Generation: Once these sets of invariants have been identified, ClearView applies another set of patches which re-establish the invariants that have been broken and hopefully fix the failure.
5. Candidate Repair Evaluation: After the patch has been generated and applied, ClearView analyzes the result of the patch and observes whether the patch seemed to work or not.

Rinard and his team tested ClearView’s capabilities by applying it on a group of computers to Firefox. Once ClearView established Firefox’s base behavior, a team of hackers attempted to infiltrate the web browser with minimal success.

ClearView was tested on a group of computers running Firefox and an independent team to launch an attack on the Web browser. The attack team used 10 different attacks to inject malicious code into Firefox. ClearView was successful in all 10 attacks by blocking the malicious code and shutting down the program before its intended attack took effect.

With more and more information being stored digitally, giving hackers more incentive to infiltrate computers, ClearView is clearly a step in the right direction. However, what impressed me the most about this breakthrough in computer security is how ClearView demonstrates how software can evolve and defend against malicious attacks, much like our own bodies defend against viruses. While sentient robots may be a long way off, this idea of software which performs better over time by simply observing its own execution may be a prelude to smarter programs which grow based on its user’s needs or cars which adjust to how a person drives. For now, however, I’d be perfectly fine with never needing to run my anti-virus software again.