By monitoring the normal execution of a program, ClearView establishes guidelines for how a program should run normally and correctly. Once a program’s normal behavior is established, the program is probed by ClearView and checked to see that its execution proceeds according to the standard guideline that was set for it. In Rinard’s paper, Rinard and his team issues a procedure that ClearView takes to identify possible vulnerabilities:

1. Learning: While a subject program is running, ClearView dynamically observes the program’s behavior and tries to identify certain rules which always hold true during its execution, called invariants. Invariants may include what locations in memory the program is likely to access or what values certain variables should hold. One attribute of ClearView is that the more executions a program runs, the better information ClearView has to prevent attacks.
2. Monitoring: Once ClearView establishes what invariants the program has, it proceeds to classify each execution of a program as either correct or incorrect.
3. Correlated Invariant Identification: Once a failure has been detected, ClearView proceeds to apply a series of patches which create “a set of correlated invariants.” These patches do not fix the error, but finds groups of invariants which categorize normal and invalid execution.
4. Candidate Repair Generation: Once these sets of invariants have been identified, ClearView applies another set of patches which re-establish the invariants that have been broken and hopefully fix the failure.
5. Candidate Repair Evaluation: After the patch has been generated and applied, ClearView analyzes the result of the patch and observes whether the patch seemed to work or not.

Rinard and his team tested ClearView’s capabilities by applying it on a group of computers to Firefox. Once ClearView established Firefox’s base behavior, a team of hackers attempted to infiltrate the web browser with minimal success.

ClearView was tested on a group of computers running Firefox and an independent team to launch an attack on the Web browser. The attack team used 10 different attacks to inject malicious code into Firefox. ClearView was successful in all 10 attacks by blocking the malicious code and shutting down the program before its intended attack took effect.

With more and more information being stored digitally, giving hackers more incentive to infiltrate computers, ClearView is clearly a step in the right direction. However, what impressed me the most about this breakthrough in computer security is how ClearView demonstrates how software can evolve and defend against malicious attacks, much like our own bodies defend against viruses. While sentient robots may be a long way off, this idea of software which performs better over time by simply observing its own execution may be a prelude to smarter programs which grow based on its user’s needs or cars which adjust to how a person drives. For now, however, I’d be perfectly fine with never needing to run my anti-virus software again.

It’s in that spirit that I was very happy to learn about the efforts of two enterprising MIT students who, in what they appropriately called Project Icarus, were able to take high-altitude pictures from the “edge of space” with a setup that included a weather balloon filled with helium, a cheap digital camera (Canon A470), a pre-paid phone with GPS (Motorola i290), an antenna (to extend the range of the phone, some basic tracking/geography software like Google Earth and Accutracking, and a styrofoam beer cooler to insulate the setup such that, collectively, cost them only a mere $148!

The results? Over a 5 hour period, the setup went 17.5 miles up (to the “edge of space”), where the balloon popped, and fell to the earth over a 40 minute period and landed about 20 miles away from the launch site. And, as for the pictures, well, you can see them yourself in the students’ MIT directory or in the timelapse video they put together (below).

If that doesn’t inspire you to do a little exploration of your own, I don’t know what will!

Not to be outdone, British students launched teddy bears into near-space using a similar technique, but included temperature sensors (to measure the temperature extremes), insulating “spacesuits” (to protect the bears from freezing solid), and even a parachute to gently glide the bears down to Earth!

(Note: if you’re in the US and want to do something similar, please make sure to (a) contact the FAA, (b) use the University of Wyoming’s balloon trajectory estimator to make sure that your balloon won’t land in a densely populated region, and (c) make sure the balloon can land gently without injuring anyone or your equipment)

(Photo’s from 1337arts site) (Teddy Bear photo’s from DailyMail)