Martin Rinard, a professor of computer science at MIT, is unabashed about the ultimate goal of his group’s research: “delivering an immortal, invulnerable program.” In work presented this month at the ACM Symposium on Operating Systems Principles in Big Sky, MT, a group of MIT researchers, led by Rinard and Michael Ernst, who is now an associate professor at the University of Washington, developed software that can find and fix certain types of software bugs within a matter of minutes.
When a potentially harmful vulnerability is discovered in a piece of software, it takes nearly a month on average for human engineers to come up with a fix and to push the fix out to affected systems, according to a report issued by security company Symantec in 2006. The researchers, who collaborated with a startup called Determina on the work, hope that the new software, called ClearView, will speed this process up, making software significantly more resilient against failure or attack.
ClearView works without assistance from humans and without access to a program’s underlying source code (an often proprietary set of instructions that defines how a piece of software will behave). Instead, the system monitors the behavior of a binary: the form the program takes in order to execute instructions on a computer’s hardware.
By observing a program’s normal behavior and assigning a set of rules, ClearView detects certain types of errors, particularly those caused when an attacker injects malicious input into a program. When something goes wrong, ClearView detects the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to force the software to follow the violated rules. (The patches are applied directly to the binary, bypassing the source code.) ClearView analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, ClearView rejects it and tries another.
ClearView is particularly effective when installed on a group of machines running the same software. In that case, what ClearView learns from errors on one machine is used to fix all the others. Because it doesn’t require access to source code, Rinard says that ClearView could be used to fix programs without requiring the cooperation of the company that made the software, or to repair programs that are no longer being maintained. He hopes the system could extend the life of older versions of software, created by companies that have gone out of business, in addition to protecting current software.
To test the system, the researchers installed ClearView on a group of computers running Firefox and hired an independent team to attack the Web browser. The hostile team used 10 different attack methods, each of which involved injecting some malicious code into Firefox. ClearView successfully blocked all of the would-be attacks by detecting misbehavior and terminating the application before the attack could have its intended effect. The very first time ClearView encounters an exploit it closes the program and begins analyzing the binary, searching for a patch that could have stopped the error.