Runtime Software Patching: Taxonomy, Survey and Future Directions (original) (raw)
Related papers
Automatically patching errors in deployed software
2009
We present ClearView, a system for automatically patching errors in deployed software. ClearView works on stripped Windows x86 binaries without any need for source code, debugging information, or other external information, and without human intervention.
Developing and deploying software patches is currently slow and labor-intensive. After software vendors discover a security bug in their product, they must write a patch, test it thoroughly, and distribute it to users, who may peform further testing before installing the patch. These manual steps take time, leaving users vulnerable for days or even weeks after a bug is discovered. Pre-patched software removes these time-consuming steps from the vulnerability-response critical path, reducing the window of vulnerability to hours or even minutes. Pre-patched applications ship with latent run-time checks that are automatically inserted during the compilation process. The compiler emits checks to cover any potentially-unsafe operation in the code. When the software vendor discovers a new vulnerability in its product , it can issue an alert informing its customers that they should activate one or more of the checks. Generating the run-time checks in advance removes the manual patch-development and testing processes from the vulnerability response critical path. Thus, when the vendor discovers a new vulnerability, it can immediately issue an alert and users can act on that alert without hesitation. By default, the run-time checks are disabled and hence incur little or no overhead. We have developed a CIL-based program-transformation that pre-patches C programs for memory-safety bugs. Early experiments suggest that pre-patched software may incur little measurable run-time overhead.
A Unified Patch Management Architecture
2004
This paper attempts to address the issue of hardening the internal security of an organisation's network by easing its patch management. A unified architecture to aid with this process is proposed, with the view towards the implementation of an open source, cross platform tool to solve this problem.
OPUS: Online Patches and Updates for Security
2005
We present OPUS, a tool for dynamic software patching capable of applying fixes to a C program at runtime. OPUS's primary goal is to enable application of security patches to interactive applications that are a frequent target of security exploits. By restricting the type of patches admitted by our system, we are able to significantly reduce any additional burden on the programmer beyond what would normally be required in developing and testing a conventional stop-and-restart patch. We hand-tested 26 real CERT [1] vulnerabilities, of which 22 were dynamically patched with our current OPUS prototype, doing so with negligible runtime overhead and no prior knowledge of the tool's existence on the patch programmer's part.
Controlled Update of Software Components using Concurrent Exection of Patched and Unpatched Versions
ArXiv, 2021
Software patching is a common method of removing vulnerabilities in software components to make IT systems more secure. However, there are many cases where software patching is not possible due to the critical nature of the application, especially when the vendor providing the application guarantees correct operation only in a specific configuration. In this paper, we propose a method to solve this problem. The idea is to run unpatched and patched application instances concurrently, with the unpatched one having complete control and the output of the patched one being used only for comparison, to watch for differences that are consequences of introduced bugs. To test this idea, we developed a system that allows us to run web applications in parallel and tested three web applications. The experiments have shown that the idea is promising for web applications from the technical side. Furthermore, we discuss the potential limitations of this system and the idea in general, how long two...
Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology, 2005
Many reports indicated that most damages caused by computer viruses and hackers' attacks due to management problems. Computing environments implementing well managed patch management processes with quick response mechanisms will survive from most of serious attacks, such as MyDoom and Sasser Warm attacks in 2004. Medium or large enterprises usually have heterogeneous computing environments. For example, a company may use an Apache Server in a Linux-base PC as its Internet web server, use an IBM AIX running IBM DB2 database system as a database server, and equip all employees with Windows-based PCs running Microsoft Office for their daily work. Also, employees might work at many different locations. In the enterprise patch management (PM) market today, there are very few complete off-the-shelf solutions. A systematic efficient PM process model with complete patch management activity process cycle and patching strategies was proposed. We also propose an automatic five-layer PM system application architecture supporting heterogeneous environment. The model, hopefully, will make enterprise patch process more efficient, and will reduce the risks suffer from patch management challenges.
Towards self-healing smartphone software via automated patching
Proceedings of the 29th ACM/IEEE international conference on Automated software engineering, 2014
Frequent app bugs and low tolerance for loss of functionality create an impetus for self-healing smartphone software. We take a step towards this via on-the-fly error detection and automated patching. Specifically, we add failure detection and recovery to Android by detecting crashes and "sealing off" the crashing part of the app to avoid future crashes. In the detection stage, our system dynamically analyzes app execution to detect certain exceptional situations. In the recovery stage, we use bytecode rewriting to alter app behavior as to avoid such situations in the future. When using our implementation, apps can resume operation (albeit with limited functionality) instead of repeatedly crashing. Our approach does not require access to app source code or any system (e.g., kernel-level) modification. Experiments on several real-world, popular Android apps and bugs show that our approach manages to recover the apps from crashes effectively, timely, and without introducing overhead.
Automatic Recovery from Runtime Failures
We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional with between 19% and 48% of the failure-...
Mutable Checkpoint-Restart: Automating Live Update for Generic Server Programs
In Proceedings of the 15th International Middleware Conference
The pressing demand to deploy software updates without stopping running programs has fostered much research on live update systems in the past decades. Prior solutions, however, either make strong assumptions on the nature of the update or require extensive and error-prone manual effort, factors which discourage live update adoption. This paper presents Mutable Checkpoint-Restart (MCR), a new live update solution for generic (multiprocess and multithreaded) server programs written in C. Unlike prior solutions, our techniques can support arbitrary software updates and automate most of the common live update operations. The key idea is to allow the new version to restart as similarly to a fresh (and independent) program initialization as possible, relying on existing code paths to automatically restore the old application threads and reinitialize a relevant portion of the program state. To transfer the remaining data structures, we rely on a combination of precise and conservative garbage collection to trace all the program pointers and apply data transformations on the fly. Experimental results on popular server programs (Apache httpd, nginx, OpenSSH and vsftpd ) confirm that our techniques can effectively automate problems previously deemed difficult at the cost of negligible run-time performance overhead (2% on average) and modest memory overhead (3.7x on average).