Bench Press

The Crossroads of Science and Tech


ClearView


Nowadays, digital attacks are talked about almost as much as swine flu, and for good reason. Information theft and identity theft are two major reasons why people should be wary of vulnerabilities in the software on their computers. While hacking is a very serious and destructive threat to security, a team of researchers headed by MIT professor Martin Rinard hopes to provide a security blanket against these malicious attacks. With their new utility, ClearView, Rinard and his team plan to provide an application that detects anomalies in a program’s execution and patches the vulnerable software automatically.

By monitoring the normal execution of a program, ClearView establishes a baseline for how the program behaves when it runs correctly. Once that baseline is established, ClearView checks each execution of the program against it. In their paper, Rinard and his team describe the procedure ClearView follows to identify possible vulnerabilities:

  1. Learning: While a subject program is running, ClearView dynamically observes the program’s behavior and tries to identify certain rules which always hold true during its execution, called invariants. Invariants may include what locations in memory the program is likely to access or what values certain variables should hold. One attribute of ClearView is that the more executions a program runs, the better information ClearView has to prevent attacks.
  2. Monitoring: Once ClearView establishes what invariants the program has, it proceeds to classify each execution of a program as either correct or incorrect.
  3. Correlated Invariant Identification: Once a failure has been detected, ClearView proceeds to apply a series of patches which create “a set of correlated invariants.” These patches do not fix the error, but find groups of invariants which distinguish normal from invalid execution.
  4. Candidate Repair Generation: Once these sets of invariants have been identified, ClearView applies another set of patches which re-establish the invariants that have been broken and hopefully fix the failure.
  5. Candidate Repair Evaluation: After the patch has been generated and applied, ClearView analyzes the result of the patch and observes whether the patch seemed to work or not.
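
A toy model of the five steps above, added here as an illustration and not ClearView's own code. It assumes range invariants, a monitor that flags an overlong copy, and a repair that clamps the value back into its learned range; the program points `copy_len` and `tab_count`, the buffer size and the traces are all constructed.

```python
# Toy model of the five steps. A run is a list of (program_point, value)
# observations. All names and traces are constructed for illustration.
BUF = 64  # constructed: size of the buffer the toy program copies into

def learn(normal_runs):
    """Step 1: infer a range invariant lo <= value <= hi per program point."""
    inv = {}
    for run in normal_runs:
        for point, value in run:
            lo, hi = inv.get(point, (value, value))
            inv[point] = (min(lo, value), max(hi, value))
    return inv

def monitor(run):
    """Step 2: classify an execution; True means it failed (overlong copy)."""
    return any(p == "copy_len" and v > BUF for p, v in run)

def violations(inv, run):
    """Program points whose observed value breaks a learned invariant."""
    return {p for p, v in run if p in inv and not inv[p][0] <= v <= inv[p][1]}

def correlated(inv, failed_runs, ok_runs):
    """Step 3: invariants broken in every failed run and in no correct run."""
    in_failed = set.intersection(*(violations(inv, r) for r in failed_runs))
    in_ok = set().union(*(violations(inv, r) for r in ok_runs))
    return in_failed - in_ok

def repair(inv, point):
    """Step 4: candidate patch that re-establishes one invariant by clamping."""
    lo, hi = inv[point]
    return lambda p, v: min(max(v, lo), hi) if p == point else v

def evaluate(patch, run):
    """Step 5: replay a failing run with the patch; True if it no longer fails."""
    return not monitor([(p, patch(p, v)) for p, v in run])

NORMAL = [[("copy_len", 8), ("tab_count", 1)], [("copy_len", 48), ("tab_count", 5)]]
LATER = [[("copy_len", 30), ("tab_count", 9)],    # unusual but harmless
         [("copy_len", 200), ("tab_count", 9)],   # overlong copy
         [("copy_len", 500), ("tab_count", 2)]]   # overlong copy

def pipeline():
    inv = learn(NORMAL)
    failed = [r for r in LATER if monitor(r)]
    ok = [r for r in LATER if not monitor(r)]
    suspects = correlated(inv, failed, ok)
    kept = {p for p in suspects if all(evaluate(repair(inv, p), r) for r in failed)}
    return inv, suspects, kept
```

The `tab_count` invariant is also broken in one failing run, but it is dropped in step 3 because it does not hold across every failure and is broken in a run that completed correctly; only the `copy_len` repair reaches evaluation.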

Rinard and his team tested ClearView’s capabilities by applying it to Firefox on a group of computers. Once ClearView had established Firefox’s baseline behavior, a team of hackers attempted to infiltrate the web browser, with minimal success.

ClearView was tested on a group of computers running Firefox and an independent team to launch an attack on the . The attack team used 10 different attacks to inject malicious code into Firefox. ClearView succeeded against all 10 attacks, blocking the malicious code and shutting down the program before the intended attack took effect.

With more and more information being stored digitally, giving hackers more incentive to infiltrate computers, ClearView is clearly a step in the right direction. However, what impressed me the most about this breakthrough in computer security is how ClearView demonstrates how software can evolve and defend against malicious attacks, much like our own bodies defend against viruses. While sentient robots may be a long way off, this idea of software which performs better over time by simply observing its own execution may be a prelude to smarter programs which grow based on their users’ needs or cars which adjust to how a person drives. For now, however, I’d be perfectly fine with never needing to run my anti-virus software again.

Written by Kevin

November 10th, 2009 at 7:00 am

Posted in technology
