(Page 2 of 2)
For seven of the attacking team's approaches, ClearView created patches that corrected the underlying errors. In all cases, it discarded corrections that had negative side effects. On average, ClearView came up with a successful patch within about five minutes of its first exposure to an attack.
"What this research is leading us to believe is that software isn't in itself inherently fragile and brittle because of errors," says Rinard. "It's fragile and brittle because people are afraid to let the software continue if they think there's something wrong with it." Some software engineering approaches, such as "failure-oblivious computing" or "acceptable computing," share this philosophy.
ClearView "is a really good starting point," says Yuanyuan Zhou, a professor of computer of science at the University of California, San Diego, who also researches software dependability. Zhou lauds the evaluation process the researchers used for the project but says she wants to see ClearView tested on a wider variety of applications.
"Keeping the system going at all costs does seem to have merit," adds David Pearce, a senior lecturer in computer science at Victoria University in Wellington, New Zealand. He points out that ClearView is designed to apply patches whenever it detects that something has gone wrong. Some systems are designed to shut down when an error is detected, but if an attacker's goal is sabotage, Pearce says, this approach plays right into their hands.
But ClearView's approach could result in some hiccups for the user, Pearce adds. For example, if a Web browser had a bug that made it unable to handle URLs past a certain length, ClearView's patch might protect the system by clipping off the ends of URLs that were too long--preventing the program from failing, but also preventing it from working fully. However, such issues probably wouldn't be outright harmful. "It's generally only hackers that attempt to exploit such loopholes," says Pearce, "and they would be the ones who suffered."
Device drivers account for most crashes and even introduce security problems; a new testing tool could provide an early warning.
The team gathered data on compromised pages and the would-be victims.
Ksplice uses new technology to build security updates for Linux that can be installed without restarting.
I remember hearing about IBM's work on "self-healing" software several years ago, but never heard anything about their software repair efforts. I'm glad the ClearView developers have made progress on this idea.
I'd love to know what this software could do with patches generated randomly, by neural nets or genetic algorithms. Could it analyze software binaries that are known to work and make them faster?
Post-compiler optimization? That could be very interesting.
Some posters stated there was a lack of references for the self-repairing software. Here is a link to a paper published on the research:
http://people.csail.mit.edu/rinard/paper/sosp09.pdf
and if it got in the wrong hands?
this seems like a pretty big step. I just have to wonder what happens when somebody turns it around. Seems to me like it would be very simple to turn this program around and make it quickly destroy a binary, or slip malicious code in at the binary level that would be virtually invisible to the user. Hate to be Mr. Negative, but it just seems like it could be pretty powerful for good and bad...
BTW, so when does Skynet come online?
Just remember that we're talking about "Artificial" intelligence, and dealing with entirely new problems and related heuristics to solve them is not a trivial issue. An untrained automated healer has the same potential to do damage as the original defect, does it not?
This is very interesting and all, but to be honest, it would only slow/stop script kiddies. The 'advanced' hackers (I hate this word) would eventually find a way to bypass this software, there are numerous ways.
I can think of a few:
If run on a local machine, hook the scanning functions and whenever called.. return "nothing has changed"
If on a remote target, depending on how quickly "ClearView" can detect an exploit, your payload could jump into ClearViews address space and modify it, then proceed.
Bottom line is this, if there's a will, there's a way.
On the other hand, I do find this research very interesting and a step forward, but it wont be THE answer. Honestly, I don't believe it's possible to stop "hackers".
We not only have more time, than the software developers, but the WILL to tinker and break. As well as the HUGE community sharing ideas.
Many > few
Just how does ClearView define an error?
How does ClearView define an "error"? If I could get it to think a login or DRM verification failure is an error, would it automatically "fix" it for me? ClearView could be the ultimate hackers tool...
Re: Just how does ClearView define an error?
A possible method. The OS generates the error or fault depending of the abnormal condition. In a Rules based Expert System of this nature a rule for each OS generated error could be created to reflect the characteristics of the error. The rule is aware of the proper instruction sequence and the data flow. Once an error is thrown, a Analysis engine compares the machine/program generated data against a normal data example. Depending on the Knowledge Rule the data can be modified or a error message can be generated.
I remember an old anti-virus system which was touted as a revolutionary advance...more so than this software. The hackers broke it within 1 update of the software.
Wasnt very difficult once they understood what it did...
So by applying this to there product..it would take a few months before its circumvented with ease.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
briang1621
173 Comments
Is this for Real? (note to author)
Wouldn't a break through like this have academic research associated with it, like articles in famous journals? Why weren't any cited in this article, at minimum state the journal name.
The reason I say this, is because this breakthrough is so astounding (accessing bits and applying patch via AI) that one would think it is make believe.
Here is a note to the author, any time something seems to unbelievable, or way out of the ordinary, try and give the readers some creditable sources to help in making the story more believable.
That aside, I really like the technology and think it has great promise especially for military applications that need to always run!
Thanks
Dr. Brian Glassman
Reply
Falaina
1 Comment
Re: Is this for Real? (note to author)
I was also somewhat troubled by the lack of references to published research in this article. For those who are interested, here's a link to a conference paper on the system: http://people.csail.mit.edu/rinard/paper/sosp09.pdf
Reply
cathy247
1 Comment
Re: Is this for Real? (note to author)
Yes its called OS/2. IBM introduced it in c. 1985 but Microsoft killed it because it put Windoze to shame as it worked too well. IBM eventually gave up the struggle as it didn't make them any money because it doesn't crash and as it is multi-threaded is immune to viruses because if the virus killed one thread the others took over and the virus was extinguished after one generation.
IBM made money by fixing all the glitches with Windoze which they're still doing today ...
My husband is an OS/2 nut so I know the whole story..
Reply
lteliasson
1 Comment
Re: Is this for Real? (note to author)
I think is impressive to get a complete system to actually do this in a running system.
Looking at the software and detecting the anomalies by an attack is like building an software profiling database noticing an altered behavior. When detecting changes in stack, pointers and statements the situation is less complicated than looking at the whole program. At this level the is to reorganize the instructions to be more robust, without breaking the overall design. It's lika an recompilation of intruction flow from the orignal compilation. And at this level there would be a lot of approches to patch a program that would apply in a wide range of attacks.
Reply