2007 Articles
Band-aid Patching
Testing vendor-issued patches remains one of the major hurdles to their speedy deployment. Studies have shown that administrators remain reluctant to quickly patch their systems, even when they have the capability to do so, partly because security patches in particular are often incomplete or altogether non-functional. We propose Band-aid Patching, a new approach for concurrently testing application patches. Using binary runtime injection techniques, we patch binaries such that when program execution reaches a program segment that has been affected by an issued patch, two (or more) program execution threads are created. These threads speculatively execute both parts of the code (patched and unpatched). Our system then retroactively selects one of the execution threads based on a variety of criteria, including obvious faultiness, prior history, and user input. We believe this approach offers significant advantages in accelerating deployment of hot fixes while providing some assurance to system administrators. In this paper, we describe our initial thoughts on the system architecture, and provide some preliminary indications on the feasibility and performance impact of our scheme.
Files
- bandaid.pdf (application/pdf, 140 KB)
Also Published In
- Title: Third Workshop on Hot Topics in System Dependability (HotDep'07): 26 June 2007, Edinburgh, UK
- Publisher: USENIX
More About This Work
- Academic Units: Computer Science
- Published Here: July 11, 2012