Due to its ever-growing complexity, software is not, and probably never will be, 100% bug-free and secure. Therefore, in most cases, software companies publish updates regularly. For lack of time or care, or maybe because stopping an application is annoying, such updates are rarely, if ever, deployed on users' machines. We propose an integrated tool allowing system administrators to deploy critical security updates on the fly to applications running remotely, without the intervention of the end user. Our approach is based on Arachne, an aspect weaving system that dynamically rewrites binary code. Hence applications keep running while they are updated. Our second tool, Minerve, integrates Arachne within the standard updating process: Minerve takes a patch produced by diff, a tool that lists textual differences between two versions of a file, and eventually builds a dynamic patch that can later be woven to update the application on the fly. In addition, by translating patches into aspects and thus generating a more abstract presentation of the changes, Minerve eases auditing tasks.