CloudER: a framework for automatic software vulnerability location and patching in the cloud

In a virtualization-based cloud infrastructure, customers of the cloud deploy virtual machines (VMs) with their own applications and customized runtime environments. The cloud provider supports the execution of these VMs without detailed knowledge of the guest applications and operating systems in the VMs. In addition to elastic resource provisioning for the VMs, a desirable "value-added" service the cloud provider can provide is the emergency response to runtime incidences of software bugs and vulnerabilities. The challenge is to facilitate the automatic runtime detection, location, and patching of the software vulnerability -- outside the VMs and without the source code. In this paper, we present CloudER, a cloud "emergency room" architecture that automatically detect, locate, and patch software vulnerabilities in cloud application binaries at runtime. CloudER leverages an existing taint-based system (Demand Emulation) for runtime anomaly detection, employs new algorithms for software vulnerability location and patch generation, and adapts a virtual machine introspection system (XenAccess) for dynamic patching. Our preliminary evaluation experiments with a number of real-world server applications show that CloudER achieves timely response to runtime software faults or attacks from outside the VMs. The main contributions of this paper are highlighted as follows: (1) CloudER is an integrated architecture that improves the runtime reliability of cloud applications. It covers the full life cycle of exploit detection, culprit instruction location, patch generation and application, and execution state recording and reset -- all performed from outside the protected VM and without the source code of the applications. (2) While leveraging existing techniques for taint-based exploit detection, CloudER involves new methods for culprit instruction location and binary patch generation. The methods cover some of the most common types of software vulnerabilities and the patches generated are of small size (tens of bytes). (3) CloudER incurs reasonable performance overhead to the application in comparison with running the application in an unprotected VM. The interruption to the production VM's execution (for culprit instruction location and patch generation) is less than half a minute in our experiments with real-world applications.

[1]  Vitaly Osipov,et al.  Format String Attacks , 2005 .

[2]  Andrew Warfield,et al.  Practical taint-based protection using demand emulation , 2006, EuroSys.

[3]  Helen J. Wang,et al.  ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[4]  Emery D. Berger,et al.  Exterminator: automatically correcting memory errors with high probability , 2007, PLDI '07.

[5]  Peng Ning,et al.  Always up-to-date: scalable offline patching of VM images in a compute cloud , 2010, ACSAC '10.

[6]  A. One,et al.  Smashing The Stack For Fun And Profit , 1996 .

[7]  Richard Wolski,et al.  The Eucalyptus Open-Source Cloud-Computing System , 2009, 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid.

[8]  Qi Gao,et al.  First-aid: surviving and preventing memory management bugs during production runs , 2009, EuroSys '09.

[9]  Tzi-cker Chiueh,et al.  Automatic Patch Generation for Buffer Overflow Attacks , 2007, Third International Symposium on Information Assurance and Security.

[10]  Michael D. Ernst,et al.  Automatically patching errors in deployed software , 2009, SOSP '09.

[11]  John Wilander,et al.  A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention , 2003, NDSS.

[12]  Yuanyuan Zhou,et al.  BugBench: Benchmarks for Evaluating Bug Detection Tools , 2005 .

[13]  Wenke Lee,et al.  Secure and Flexible Monitoring of Virtual Machines , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[14]  Sergey Bratus,et al.  Katana: A Hot Patching Framework for ELF Executables , 2010, 2010 International Conference on Availability, Reliability and Security.

[15]  Xuxian Jiang,et al.  AutoPaG: towards automated software patch generation with source code root cause identification and repair , 2007, ASIACCS '07.