Multi-version software updates

Software updates present a difficult challenge to the software maintenance process. Too often, updates result in failures, and users face the uncomfortable choice between an old, stable version that lacks recent features and bug fixes, and a new version that improves the software in some ways only to introduce other bugs and security vulnerabilities. In this position paper, we propose a radically new approach to performing software updates: whenever a new update becomes available, instead of upgrading the software to the new version, we run the new version in parallel with the old one. By carefully coordinating their executions and selecting the behavior of the more reliable version when they diverge, we can preserve the stability of the old version without giving up the features and bug fixes added in the new version. We are currently focusing on a prototype system targeting multicore CPUs, but we believe this approach could also be deployed on other parallel platforms, such as GPGPUs and cloud environments.
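The scheme the abstract describes, running the old and new versions in lockstep, comparing their externally visible results and adopting the more reliable version's behavior when they diverge, as an added Python sketch. This is not the authors' prototype: the two handler versions, the request inputs and the divergence policy (keep a surviving version's result, prefer the old version when both survive but disagree) are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Two constructed versions of a toy request handler (hypothetical code, not from the paper).
def handler_old(req: str) -> str:
    """Stable version: reliable, but lacks the 'upper:' feature."""
    if req.startswith("upper:"):
        raise ValueError("unsupported request")       # limitation fixed in the new version
    return req.strip().lower()

def handler_new(req: str) -> str:
    """New version: adds 'upper:' requests but regresses on empty input."""
    if req.startswith("upper:"):
        return req[len("upper:"):].strip().upper()
    body = req.strip()
    return body[0].lower() + body[1:].lower()          # IndexError on "" (the introduced bug)

@dataclass
class MVEMonitor:
    """Runs every version on each request and decides which externally visible result to keep."""
    versions: Dict[str, Callable[[str], str]]
    divergences: List[Tuple[str, dict, str]] = field(default_factory=list)

    def step(self, req: str) -> str:
        results = {}
        for name, fn in self.versions.items():
            try:
                results[name] = ("ok", fn(req))
            except Exception as exc:                   # one version crashing is a divergence, not an outage
                results[name] = ("crash", type(exc).__name__)
        survivors = {n: r[1] for n, r in results.items() if r[0] == "ok"}
        if not survivors:
            raise RuntimeError(f"all versions failed on {req!r}: {results}")
        if len(survivors) == len(results) and len(set(survivors.values())) == 1:
            return next(iter(survivors.values()))      # lockstep agreement: nothing to decide
        # Divergence policy (an assumption of this example): keep a surviving version's output,
        # preferring the old version when both survive but disagree; record it for the maintainers.
        chosen = "old" if "old" in survivors else next(iter(survivors))
        self.divergences.append((req, results, chosen))
        return survivors[chosen]

def run_requests(reqs: List[str]) -> Tuple[List[str], list]:
    """Drive both versions over a request stream; returns (kept outputs, divergence log)."""
    mon = MVEMonitor({"old": handler_old, "new": handler_new})
    return [mon.step(r) for r in reqs], mon.divergences
```

The divergence log is what a maintainer would inspect: each entry shows the request, what every version did, and which version's behavior was exposed to the user.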
