Dr. Song's Cure for Sick Computers

IT’S GOOD TO BE BAD: “In order to design a secure system, you have to think like an attacker,” says EECS associate professor Dawn Song, a computer security specialist. “Acquiring that knowledge can potentially be used to do harm. That’s why we heavily emphasize ethics and responsibility at Berkeley.”IT’S GOOD TO BE BAD: “In order to design a secure system, you have to think like an attacker,” says EECS associate professor Dawn Song, a computer security specialist. “Acquiring that knowledge can potentially be used to do harm. That’s why we heavily emphasize ethics and responsibility at Berkeley.”. (Photo by Rachel Shafer.)Malware is tough to defeat. Once a piece of malicious software such as a virus or worm attacks, it might take days or weeks before computer security professionals release a fix or other countermeasure, says EECS associate professor Dawn Song (Ph.D.’02 EECS). In the meantime, malware can infect legions of computers and mutate into a different virus altogether. It’s an endless game of catch up.

Defenders of COTS (common, off-the-shelf software) now have a better weapon. “In many cases, we’ve reduced that very labor-intensive process of dissecting a piece of malware from weeks to hours, even minutes,” Song says. By significantly cutting the amount of time it takes security analysts to address a malware problem, she’s created what she calls a “game-changing” technology in the security landscape.

In August, MIT’s Technology Review magazine named Song one of their 2009 Young Innovators Under 35. She joins EECS assistant professor Ali Javey, alumna Michelle Khine (B.S.’99, M.S.’01 ME; J.Ph.D.’05 BioE) and 32 other elite researchers selected from more than 300 nominees in medicine, computing, communications, nanotechnology and other fields.

Song and her research group’s software analysis platform, BitBlaze, achieves blazing efficiency by automating the process. Instead of fighting malware manually with teams of security analysts, BitBlaze harnesses the power of software to understand the attack at a deeper level. At processor speed, BitBlaze analyzes both the mechanisms the virus is employing to mount its attack and the vulnerability it’s attacking. Song’s technology then automatically generates defenses, such as a filter, to stop further attacks on the same vulnerability.

How? One explanation is to use the analogy of a universal flu vaccine. “The health care industry develops a new flu vaccine every year because the virus has since morphed, and last year’s vaccine is no longer effective,” she explains.

TEAM BITBLAZE: Members of Song’s research group include (left to right) Joel Weinberger, Pongsin Poosankam, Stephen McCamant, Feng Mao, Devdatta Akhawe (sitting), Prateek Saxena, Professor Dawn Song, Adam Barth, Min Gyung Kang and Juan Caballero. RACHEL SHAFER PHOTOSTEAM BITBLAZE: Members of Song’s research group include (left to right) Joel Weinberger, Pongsin Poosankam, Stephen McCamant, Feng Mao, Devdatta Akhawe (sitting), Prateek Saxena, Professor Dawn Song, Adam Barth, Min Gyung Kang and Juan Caballero. (Photo by Rachel Shafer.)The key is to zero in on known patterns that don’t change. In order to reproduce, every biological virus needs to enter a cell by means of a delicate mechanism that is difficult to morph. “If you create a vaccine targeting that part,” Song adds, “you’ve developed a vaccine that can be applied universally. That’s what we’ve done with BitBlaze.”

To bypass the need for source code from both malware and commercial software, neither of which are usually available, BitBlaze reviews the basic binary 1s and 0s that instruct a computer’s operation. (Thus, “Bit” in BitBlaze.)

Lucky for us, BitBlaze, which was created with open source technology, won’t remain in the proverbial ivory tower. Government and industry have both shown an interest in seeing the technology commercialized, Song says, and she has collaborated with Symantec on a related security project and consulted with Cisco, Juniper Networks and Microsoft on how BitBlaze research might enhance their products.

“Dawn is one of the world leaders in computer security, and it’s great to see her groundbreaking accomplishments recognized,” says colleague David Wagner, an EECS associate professor and fellow researcher in computer security and cryptography. “BitBlaze is helping to shore up our defenses against malware and viruses because today, anti-virus companies employ armies of employees who laboriously analyze viruses in order to work out what each does and how to protect against it. Professor Song’s research shows how to automate this process, enabling anti-virus companies to respond more quickly to new viruses and malware.”

Cyber criminals are everywhere, and even as she fine-tunes BitBlaze, Song is thinking beyond software. She and her team of researchers are hard at work on her next new project. Called WebBlaze, it will identify techniques and architectures to safeguard the Web, and some of the technology has already been incorporated in mainstream browsers like Google Chrome.