Virtual Repair
Augmented reality helps mechanics fix vehicles.

Source: “Evaluating the Benefits of Augmented Reality for Task Localization in Maintenance of an Armored Personnel Carrier Turret”
Steven J. Henderson and Steven Feiner
IEEE International Symposium on Mixed and Augmented Reality, October 19-22, 2009, Orlando, FL

Results: An “augmented reality” system developed by researchers at Columbia University helped mechanics with the United States Marines repair a light armored vehicle. Mechanics wearing the system’s head-mounted displays were able to locate and begin each task in about half the time it would take to do so using a repair manual on a laptop computer, which is the conventional approach.

Why it matters: The system could make the repair process faster and more efficient. Similar equipment could eventually help civilian car mechanics or consumers.

Methods: To identify what part of the vehicle a mechanic is looking at, the researchers installed 10 cameras that track the positions of three infrared light-emitting diodes attached to the headgear, which reveal its position and orientation. The system uses this information, combined with a 3-D computer model of the interior of the vehicle, to automatically update the display as the mechanic looks around. Arrows appear on the screen to direct the mechanic to parts in need of repair or maintenance. For complex tasks, it then displays additional visual information such as an animated 3-D model that shows how to use the tools required to complete the task.

The researchers compared the performance of six mechanics as they used the augmented-reality system, an untracked headset displaying static information, and an LCD monitor that showed the same graphics. In tests, the mechanics started repair tasks in 56 percent less time when they used the augmented-­reality system than they did when they used the untracked headset and in 47 percent less time than they did using the LCD monitor.

Next steps: The researchers want to improve the system so that it provides additional real-time feedback to help mechanics complete repairs more effectively. They would also like to incorporate the tracking sensors into the headset rather than relying on external cameras, which would allow the system to be used in other environments.

Automatic Defenses
A system protects software by detecting and patching errors.

Source: “Automatically Patching Errors in Deployed Software”
Jeff H. Perkins et al.
ACM Symposium on Operating Systems Principles, October 11-14, 2009, Big Sky, MT

Results: Software called ClearView automatically detected seven different types of attacks on the Internet browser Firefox and corrected the errors that the attacks exploited, all while the browser was running. It also ensured that the corrections didn’t lead to other errors.

Why it matters: Security is a race between attackers and defenders. The researchers found that it takes nearly a month after an attack, on average, for human defenders to create a patch and get it in place. ClearView solves the problem within minutes, and the researchers say it could be optimized to work even faster.

Methods: The researchers programmed ClearView to monitor Firefox during operation and assemble a list of rules that describe the ordinary behavior of the binary machine code that executes instructions from the program’s source code. ClearView then monitors the program for errors, such as an attempt by the browser to access a block of memory beyond what’s been allocated to it by the operating system. When it finds an error, ClearView identifies which rule has been violated and then generates sets of instructions that force the browser to follow that rule. For example, if an error occurs because a URL entered into a browser is too long, a patch might check the length of URLs and chop off everything over the allowed length. The system uses statistical analysis to gauge which patches are most likely to work and then installs those patches to test their effectiveness. If additional rules are violated after one patch is installed, it rejects that solution and tries another.

Next steps: ClearView has been applied to errors that allow code injection attacks (those caused when an attacker introduces bits of malicious code into a program). The researchers are working on expanding the system to patch other kinds of errors.