While listening to talk about the inevitability of 0-day attacks today, I was reminded about a talk I heard at the University of Washington Computer Science Colloquium back in April by Michael Ernst from MIT.
It's easy to get focused on the security problems that confront us today and the limitations of our current tools. In the meantime, there is fabulous blue sky research going on everywhere (and even some great applied research like this project) that will become a whole new generation of tools.
The colloquium is recorded and available online. Here's an MP4 download. Here's an excerpt from the abstract:
A software monoculture -- many computers running the same application -- offers benefits for system administrators and users, but every copy of the application is vulnerable to the same security exploits. Our work enables a monoculture, or "application community", to automatically defend itself against previously unknown zero-day exploits, by creating patches that defeat those exploits without affecting application functionality.
Existing attack detectors (e.g., for buffer overflows and code injection) are able to prevent an attack by converting it to a crash. By contrast, in our approach the community members collaborate to learn from each attempted attack. The community learns how the application behaves when not under attack, what code is targeted by the attack, and how the attack affects application behavior. Based on this information, the community automatically generates and evaluates patches to find one that averts the attack.
