For years, says Dawn Song, computer defenders have been reacting to each new virus, worm, or other piece of malware after it appears, developing and deploying filters that detect known patterns in malicious code in order to stop its spread. Instead of stopping malicious programs one by one, Song, an associate professor of computer science, aims to protect computers at a deeper level.
Source code for both malware and commercial software is often not available, which slows the hunt for vulnerabilities. Song figured out how to find security flaws by examining only the 1s and 0s that the computer runs. Her platform, BitBlaze, analyzes malware and automatically generates a filter to protect against it until a security patch is released. It can also analyze those patches and produce new malware that exploits any vulnerabilities; this allows programmers to make security patches as sound as possible.
Such tasks “were previously relegated to highly specialized manual labor,” says Avi Rubin, technical director of the Johns Hopkins University Information Security Institute; he calls BitBlaze “a giant step forward in the battle against those who wish harm against computer systems.” For example, if a worm tried to infiltrate a computer, BitBlaze’s response could fend off a variety of future attacks targeting the same vulnerability. Technology spun out of Song’s research has already been incorporated into Google’s Chrome browser, and she has collaborated with security software companies such as Symantec. –Erica Naone