MIT Technology Review


Automatic Defenses
A system protects software by detecting and patching errors.

Source: “Automatically Patching Errors in Deployed Software”
Jeff H. Perkins et al.
ACM Symposium on Operating Systems Principles, October 11-14, 2009, Big Sky, MT

Results: Software called ClearView automatically detected seven different types of attacks on the Internet browser Firefox and corrected the errors that the attacks exploited, all while the browser was running. It also ensured that the corrections didn’t lead to other errors.

Why it matters: Security is a race between attackers and defenders. The researchers found that it takes nearly a month after an attack, on average, for human defenders to create a patch and get it in place. ClearView solves the problem within minutes, and the researchers say it could be optimized to work even faster.

Methods: The researchers programmed ClearView to monitor Firefox during operation and assemble a list of rules that describe the ordinary behavior of the binary machine code that executes instructions from the program’s source code. ClearView then monitors the program for errors, such as an attempt by the browser to access a block of memory beyond what’s been allocated to it by the operating system. When it finds an error, ClearView identifies which rule has been violated and then generates sets of instructions that force the browser to follow that rule. For example, if an error occurs because a URL entered into a browser is too long, a patch might check the length of URLs and chop off everything over the allowed length. The system uses statistical analysis to gauge which patches are most likely to work and then installs those patches to test their effectiveness. If additional rules are violated after one patch is installed, it rejects that solution and tries another.
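The learn, detect, patch and test loop described above, as an added toy model in Python; it is not ClearView's code and does not come from the paper. The `copy_url` program, its 32-slot buffer, the two learned rules, the two candidate patches and the sample URLs are all assumptions constructed for illustration, and candidates are tried in list order rather than ranked statistically.

```python
BUF_SIZE = 32  # constructed capacity of the toy program's fixed buffer
NORMAL = ["http://a.example", "http://mit.edu", "http://x.org/"]  # constructed
ATTACK = "http://" + "A" * 60                                      # constructed

class OutOfBounds(Exception):
    """Raised by the toy monitor when a write would land past the buffer."""

def copy_url(url, patch=None):
    """Toy stand-in for the protected program: copy url into a fixed buffer."""
    n = patch(len(url)) if patch else len(url)  # patch point on the length
    buf = [""] * BUF_SIZE
    for i in range(n):
        if i >= BUF_SIZE:                       # monitor: out-of-bounds write
            raise OutOfBounds(i)
        buf[i] = url[i]
    return "".join(buf)

def learn(urls):
    """Learning phase: derive rules (bounds) from ordinary runs."""
    return {"n_max": max(len(u) for u in urls),
            "out_min": min(len(copy_url(u)) for u in urls)}

def detect(rules, url):
    """Run unpatched; on a monitor failure, name the learned rule that broke."""
    try:
        copy_url(url)
        return None
    except OutOfBounds:
        return "n_max" if len(url) > rules["n_max"] else "unknown"

def candidates(rules):
    """Two hypothetical patches that force the length to obey n_max."""
    return [("skip_copy", lambda n: n if n <= rules["n_max"] else 0),
            ("truncate", lambda n: min(n, rules["n_max"]))]

def run_ok(rules, url, patch):
    """A patched run passes if the monitor stays quiet and no other rule breaks."""
    try:
        return len(copy_url(url, patch)) >= rules["out_min"]
    except OutOfBounds:
        return False

def repair(rules, normal, attack):
    """Install candidates in turn; return (accepted patch name, rejected names)."""
    rejected = []
    for name, patch in candidates(rules):
        if all(run_ok(rules, u, patch) for u in [attack, *normal]):
            return name, rejected
        rejected.append(name)
    return None, rejected
```

Here `skip_copy` stops the overflow but produces an empty result that breaks the learned `out_min` rule, so it is rejected and `truncate` is accepted.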

Next steps: ClearView has been applied to errors that allow code injection attacks (those caused when an attacker introduces bits of malicious code into a program). The researchers are working on expanding the system to patch other kinds of errors.

Credit: 2009, Steven Henderson and Steven Feiner, Columbia University

Tagged: Computing, Web
