MIT Researchers Develop Automatic Security Vulnerability Fix

One of the dangers of security holes is sometimes they remain undetected for some time, giving hackers ample chance to exploit them. Now some researchers at MIT have solved this issue by creating a way to fix vulnerabilities automatically by borrowing processes securely from other applications.

2 Min Read
Stelios SidiroglouDouskos MIT research scientist
Stelios Sidiroglou-Douskos, MIT research scientist

One of the dangers of security holes is sometimes they remain undetected for some time, giving hackers ample chance to exploit them. Now some researchers at MIT have solved this issue by creating a way to fix vulnerabilities automatically by borrowing processes securely from other applications.

Researchers in MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) recently revealed what they’ve called CodePhage, which repairs software bugs by importing functionality from more secure applications without compromising the security of those applications in what one of the researchers called a “donor” and “recipient” relationship.

Rather than accessing the code of the applications it borrows from—the donor program—the fix analyzes how the apps work and characterizes the types of security checks they perform, according to the team. In this way, it is programming language-agnostic, able to import checks from applications written in languages other than the one in which the program it’s repairing was written, researchers said.

Once CodePhages imports code into an application with a bug—the recipient application—it also analyzes the repair to ensure it’s working properly.

“We have tons of source code available in open source repositories, millions of projects, and a lot of these projects implement similar specifications,” said Stelios Sidiroglou-Douskos, a research scientist who led CodePhage development at CSAIL, in a press release on the MIT website. “Even though that might not be the core functionality of the program, they frequently have subcomponents that share functionality across a large number of projects.”

Researchers tested CodePhage on seven common open source programs in which bugs were found, importing repairs from two to four donor applications for each one. They said they were able to patch the code, with each repair taking just two minutes to 10 minutes.

Fixing bugs isn’t the only goal the MIT team has for CodePhage. Security checks in commercial software can take up to 80 percent of the app’s code, or even more, which is a considerable amount of work for the developers of those applications. The MIT researchers hope future versions of their fix can reduce this workload by automating the insertion of security checks in software.

“The longer-term vision is that you never have to write a piece of code that somebody else has written before,” said MIT Professor of Computer Science and Engineering Martin Rinard, another researcher on the project, in the press release. “The system finds that piece of code and automatically puts it together with whatever pieces of code you need to make your program work.”

Read more about:

AgentsMSPsVARs/SIs

About the Author

Elizabeth Montalbano

Elizabeth Montalbano is a freelance writer who has written about technology and culture for more than 15 years. She has lived and worked as a professional journalist in Phoenix, San Francisco, and New York City. In her free time she enjoys surfing, traveling, music, yoga, and cooking. She currently resides in a small village on the southwest coast of Portugal.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like