Skip to Main content Skip to Navigation
Conference papers

Software security patches -- Audit, deployment and hot update

Abstract : Due to its ever growing complexity, software is and will probably never be 100% bug-free and secure. Therefore in most cases, software companies publish updates regularly. For the lack of time or care, or maybe because stopping an applica- tion is annoying, such updates are rarely, if ever, deployed on users' machines. We propose an integrated tool allowing system administrators to deploy critical security updates on the fly on applications running remotely and without the intervention of the end-user. Our approach is based on Arachne, an aspect weaving system that dynamically rewrites binary code. Hence applications are still running while they are updated. Our second tool Minerve integrates Arachne within the standard updating process: Minerve takes a patch produced by diff, a tool that lists textual differences between two versions of a file, and eventually builds a dynamic patch that can later be woven to update the application on the fly. In addition, by translating patches into aspects and thus generating a more abstract presentation of the changes, Minerve eases auditing tasks.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/inria-00441354
Contributor : Nicolas Loriant <>
Submitted on : Tuesday, July 13, 2010 - 10:50:32 AM
Last modification on : Wednesday, December 5, 2018 - 1:22:07 AM
Long-term archiving on: : Thursday, October 14, 2010 - 3:25:48 PM

File

loriant.acp4is05.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : inria-00441354, version 1

Citation

Nicolas Loriant, Marc Ségura-Devillechaise, Jean-Marc Menaud. Software security patches -- Audit, deployment and hot update. 4th AOSD Workshop on Aspects Components and Patterns for Infrastucture Software, Mar 2005, Chicago, United States. ⟨inria-00441354⟩

Share

Metrics

Record views

484

Files downloads

165