Band-aid Patching

Sidiroglou, Stelios; Ioannidis, Sotiris; Keromytis, Angelos D.

Testing vendor-issued patches remains one of the major hurdles to their speedy deployment. Studies have shown that administrators remain reluctant to quickly patch their systems, even when they have the capability to do so, partly because security patches in particular are often incomplete or altogether non-functional. We propose Band-aid Patching, a new approach for concurrently testing application patches. Using binary runtime injection techniques, we patch binaries such that when program execution reaches a program segment that has been affected by an issued patch, two (or more) program execution threads are created. These threads speculatively execute both parts of the code (patched and unpatched). Our system then retroactively selects one of the execution threads based on a variety of criteria, including obvious faultiness, prior history, and user input. We believe this approach offers significant advantages in accelerating the deployment of hot fixes while providing some assurance to system administrators. In this paper, we describe our initial thoughts on the system architecture, and provide some preliminary indications on the feasibility and performance impact of our scheme.

Also Published In

Title: Third Workshop on Hot Topics in System Dependability (HotDep'07): 26 June 2007, Edinburgh, UK
Publisher: USENIX

More About This Work

Academic Units: Computer Science
Published Here: July 11, 2012