Software security patches -- Audit, deployment and hot update

Abstract : Due to its ever growing complexity, software is and will probably never be 100% bug-free and secure. Therefore in most cases, software companies publish updates regularly. For the lack of time or care, or maybe because stopping an applica- tion is annoying, such updates are rarely, if ever, deployed on users' machines. We propose an integrated tool allowing system administrators to deploy critical security updates on the fly on applications running remotely and without the intervention of the end-user. Our approach is based on Arachne, an aspect weaving system that dynamically rewrites binary code. Hence applications are still running while they are updated. Our second tool Minerve integrates Arachne within the standard updating process: Minerve takes a patch produced by diff, a tool that lists textual differences between two versions of a file, and eventually builds a dynamic patch that can later be woven to update the application on the fly. In addition, by translating patches into aspects and thus generating a more abstract presentation of the changes, Minerve eases auditing tasks.
Type de document :
Communication dans un congrès
4th AOSD Workshop on Aspects Components and Patterns for Infrastucture Software, Mar 2005, Chicago, United States. 2005
Liste complète des métadonnées

https://hal.inria.fr/inria-00441354
Contributeur : Nicolas Loriant <>
Soumis le : mardi 13 juillet 2010 - 10:50:32
Dernière modification le : vendredi 22 juin 2018 - 09:27:25
Document(s) archivé(s) le : jeudi 14 octobre 2010 - 15:25:48

Fichier

loriant.acp4is05.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00441354, version 1

Citation

Nicolas Loriant, Marc Ségura-Devillechaise, Jean-Marc Menaud. Software security patches -- Audit, deployment and hot update. 4th AOSD Workshop on Aspects Components and Patterns for Infrastucture Software, Mar 2005, Chicago, United States. 2005. 〈inria-00441354〉

Partager

Métriques

Consultations de la notice

393

Téléchargements de fichiers

112