Software That's Resilient Against Hacker Attack
October 29, 2009 by John Messina
Image Credit: Technology Review
(PhysOrg.com) -- A team of researchers headed by Martin Rinard, a professor of computer science at MIT, have developed new software that automatically patches errors in deployed software in a matter of minutes.
The software is called ClearView and is designed to apply patches whenever it detects that something has gone wrong with the program. ClearView operates by monitoring a program's normal behavior and establishing a set of rules.
ClearView looks for certain types of errors that are mostly caused by an attacker introducing malicious code into the operating program. When ClearView detects a software intrusion, it identifies the rule that has been compromised and generates a set of repair patches designed to force the software to follow the compromised rules. ClearView then studies all possibilities to determine which selected rule is the most successful patch.
ClearView can be very successful when it is installed on multiple computers running the same software. By ClearView analyzing the malicious code and applying the most effective rule on one machine, it can then apply the patch to all other machines. ClearView applies the patch to the binary code, bypassing the source code which enables it to fix programs without human intervention.
ClearView was tested on a group of computers running Firefox and an independent team to launch an attack on the Web browser. The attack team used 10 different attacks to inject malicious code into Firefox. ClearView was successful in all 10 attacks by blocking the malicious code and shutting down the program before its intended attack took effect.
ClearView created patches that corrected the errors introduced by the malicious code and discarded any corrections that had a negative effect. ClearView, on average, came up with a working patch within five minutes of its first attack.
In a TR interview, Rinard stated: "What this research is leading us to believe is that software isn't in itself inherently fragile and brittle because of errors. It's fragile and brittle because people are afraid to let the software continue if they think there's something wrong with it." Some software engineering approaches, such as "failure-oblivious computing" or "acceptable computing," share this philosophy.
More information: Automatically Patching Errors in Deployed Software, 22nd ACM Symposium on Operating Systems Principles. [Paper] [Slides]
FLV player
Automatically Patching Errors in Deployed Software, Conference Audio.
Via: Technology Review
© 2009 PhysOrg.com
May 22, 2006 |
not rated yet |
0
This reminds me of the joke. If the blackbox in a plane is indestructible why not make the whole plane out of it.
Afraid? Terrified is a better choice of words.
No sharing a computer, nothing on the computer when the stick is pulled. Nothing for malware to eat.
Corruption or mere suspicion? Restore virgin image in 15 minutes.
Invulnerable except to outright mugging.
Let's get rid of the bloatware and get back to the one-use OS now, please!
But it looks like they thought of this, the paper (section 4.1) states: "Infrastructure Attacks: Determine if attackers can subvert the ClearView patch generation and distribution mechanism to send out malicious patches. This paper omits the detailed results of this qualitative evaluation, but in summary the standard security measures already in place in the Determina commercial product (encryption, authentication, etc.) were judged to provide an acceptable level of protection against this class of attacks."
They also say that they weren't trying to fix everything in one go - and using this is still a lot better than being hacked.
But not a very usable suggestion for a high-availability, clustered-server & SAN situation.
It can not be worse than it is now.