When a computer system gets hacked, people typically fix the problem after the fact. Alexandre Rebert created a machine that can fix itself as the attack is happening.
Rebert recognized that computers may lack creativity, but they’re good at doing things quickly and on a massive scale. His system, called Mayhem, can analyze thousands of programs simultaneously, doing in a few hours what might take a human expert years to accomplish.
Mayhem, an autonomous system, does this by combining two techniques. The first, coverage-based fuzzing, is a standard in automated security testing: data is thrown at a program to see if an input triggers new behavior. It is essentially a fast way of scanning and searching. The second, symbolic execution, analyzes the program in a slower, more nuanced way. The approaches complement each other, making the combination better than other techniques.
Rebert led the team creating Mayhem while working with ForAllSecure, the Pittsburgh-based cybersecurity company he cofounded. The company’s work and mission stem from his research at Carnegie Mellon. He thinks his invention could be especially useful for vulnerable systems like power grids, hospitals, and banks.
“There is an increasing amount of software in our lives,” says Rebert. “And depending only on human expertise is insufficient and dangerous.”
—Erika Beras