Controlled Update of Software Components using Concurrent Exection of Patched and Unpatched Versions

by   Stjepan Groš, et al.

Software patching is a common method of removing vulnerabilities in software components to make IT systems more secure. However, there are many cases where software patching is not possible due to the critical nature of the application, especially when the vendor providing the application guarantees correct operation only in a specific configuration. In this paper, we propose a method to solve this problem. The idea is to run unpatched and patched application instances concurrently, with the unpatched one having complete control and the output of the patched one being used only for comparison, to watch for differences that are consequences of introduced bugs. To test this idea, we developed a system that allows us to run web applications in parallel and tested three web applications. The experiments have shown that the idea is promising for web applications from the technical side. Furthermore, we discuss the potential limitations of this system and the idea in general, how long two instances should run in order to be able to claim with some probability that the patched version has not introduced any new bugs, other potential use cases of the proposed system where two application instances run concurrently, and finally the potential uses of this system with different types of applications, such as SCADA systems.



There are no comments yet.


page 1


Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding

Cross Site Scripting (XSS) is one of the most critical vulnerabilities e...

K-CONFIG: Using Failing Test Cases to Generate Test Cases in GCC Compilers

The correctness of compilers is instrumental in the safety and reliabili...

Erlang Code Evolution Control (Use Cases)

The main goal of this work is to show how SecEr can be used in different...

Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing

Formal methods use SMT solvers extensively for deciding formula satisfia...

Learning Software Configuration Spaces: A Systematic Literature Review

Most modern software systems (operating systems like Linux or Android, W...

Further Investigation of the Survivability of Code Technical Debt Items

Context: Technical Debt (TD) discusses the negative impact of sub-optima...

Beyond Profiling: Scaling Profiling Data Usage to Multiple Applications

Profiling techniques are used extensively at different parts of the comp...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.