Skip to Main content Skip to Navigation
Conference papers

Software security patches -- Audit, deployment and hot update

Abstract : Due to its ever growing complexity, software is and will probably never be 100% bug-free and secure. Therefore in most cases, software companies publish updates regularly. For the lack of time or care, or maybe because stopping an applica- tion is annoying, such updates are rarely, if ever, deployed on users' machines. We propose an integrated tool allowing system administrators to deploy critical security updates on the fly on applications running remotely and without the intervention of the end-user. Our approach is based on Arachne, an aspect weaving system that dynamically rewrites binary code. Hence applications are still running while they are updated. Our second tool Minerve integrates Arachne within the standard updating process: Minerve takes a patch produced by diff, a tool that lists textual differences between two versions of a file, and eventually builds a dynamic patch that can later be woven to update the application on the fly. In addition, by translating patches into aspects and thus generating a more abstract presentation of the changes, Minerve eases auditing tasks.
Document type :
Conference papers
Complete list of metadata
Contributor : Nicolas Loriant Connect in order to contact the contributor
Submitted on : Tuesday, July 13, 2010 - 10:50:32 AM
Last modification on : Wednesday, April 27, 2022 - 4:22:46 AM
Long-term archiving on: : Thursday, October 14, 2010 - 3:25:48 PM


Files produced by the author(s)


  • HAL Id : inria-00441354, version 1


Nicolas Loriant, Marc Ségura-Devillechaise, Jean-Marc Menaud. Software security patches -- Audit, deployment and hot update. 4th AOSD Workshop on Aspects Components and Patterns for Infrastucture Software, Mar 2005, Chicago, United States. ⟨inria-00441354⟩



Record views


Files downloads