Shadow patching: Minimizing maintenance windows in a virtualized enterprise environment

Le, Duy; Xiao, Jidong; Huang, Hai; Wang, Haining

doi:10.1109/cnsm.2014.7014154

Cited by 2 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, while replacing an existing process requires interacting with the OS, replacing a virtual machine would require interacting with the virtualization hypervisor 4 . We find only a few studies where a patch is performed at VM-level [13,53]. Table 4 shows that VM-level studies mainly perform patch deployment automatically to patch vulnerabilities in cloud systems and data centers.…”

Section: Vm-level Patchingmentioning

confidence: 99%

“…Table 4 shows that VM-level studies mainly perform patch deployment automatically to patch vulnerabilities in cloud systems and data centers. Among them, Le et al [53] have proposed a shadow patching technique to reduce the downtime caused by patching VM running on the managed environment such as data centers. First, the proposed approach creates a replica of the VM that needs to be patched.…”

Section: Vm-level Patchingmentioning

confidence: 99%

“…Flexibility, Robustness, Ease of Use, Effectiveness (low overhead) Kshot [3] X86 SMM, intel SGX ✓ ✓ --Effectiveness (low overhead), Trustworthiness Safestack [7] Linux ✓ -✓ ✓ Efficiency, Safely, Scalability Instaguard [8] Android ✓ -✓ ✓ Efficiency Replus [9] Linux ✓ -✓ ✓ Efficiency, Lightweight, DUSC [14] Java runtime system -✓ --Effectiveness (low overhead) Vulmet [15] Android --✓ -Correctness, Robustness, Efficiency Seamless [54] Linux -✓ ✓ -Effectiveness, Reliability Kup [23] Linux -✓ ✓ -Effectiveness, Reliability Cure [24] x86 -✓ ✓ -Effectiveness, Safety Piston [10] x86 ✓ --✓ Effectiveness, Persistence DynSec [28] x86 ✓ -✓ ✓ Correctness, Effectiveness (low overhead), Efficiency Gitar [39] Contiki, TinyOS ---✓ Efficiency, Sustainability, Maintainability HotAsap [29] Apache web server ✓ ---Correctness, Effectiveness (low overhead), Efficiency Karma [2] Android ✓ ---Adaptiveness, Safety, Effectiveness Multiverse [33] Linux, cPython, musl ✓ --✓ Efficiency, Ease of use, Flexibility, Portability C-Multiverse [38] Linux, cPython, musl ✓ --✓ Efficiency, Ease of use, Flexibility, Portability BinPatch [40] Linux, x86 ✓ ---Efficiency, Persistence ShawdowPatching [53] Virtual -✓ --Effectiveness Proteos [27] x86 Proteos ✓ ✓ ✓ -Effectiveness, Scalability, Reliability, Security Waitfree [43] x86, Linux --✓ ✓ Low overhead Vpatcher [13] Virtual ---✓ Correctness, Efficiency Orthus [12] Virtual -✓ --Efficiency, Effectiveness, Scalability HyperFresh [30] Virtual ✓ ✓ --Effectiveness, Low overhead ContainerECU [52] Electronic Control Unit (ECU) --✓ -Efficiency, Effectiveness (low overhead), Scalability Cetratus [11] x86, PowerPC ---✓ Stability MVEDSE [44] C program -✓ -✓ Availability, low latency, effectiveness Tedsuto [45] Java program -✓ ✓ -Effectiveness, Efficiency Kitsune [5,46] C-program -✓ ✓ -Effectiveness (no overhead), Efficiency Ginseng [47] C program -✓ ✓ -Scala...…”

Section: Memory Managementmentioning

confidence: 99%

“…Table 6 provides a mapping of various granularity with patch responsibility proposed in the literature review. DSU [1], Safestack [7], InstaGuard [8], Replus [9], Vulmet [15], Wordpatch [31] Function Multiverse [33], CompMultiver [38], Gitar [39] Ksplice [4], Piston [10], UpdateCalculus [41] Replus [9], Polus [25], Cure [24], Appwrapper [34], OSSPatcher [35], HotPatcher [36] Process Katana [42], Proteos [43], MVEDSUA [44], Ginseng [47] Cetratus [11], Proteos [27] Tedsuto [26], Kitsune [5,46] VM --ShadowPatching [53], Vpatcher [13] Hypervisor…”

Section: Runtime Patching Responsible Entitiesmentioning

confidence: 99%

See 3 more Smart Citations

Runtime Software Patching: Taxonomy, Survey and Future Directions

Islam¹,

Prokhorenko²,

Babar³

2022

Preprint

View full text Add to dashboard Cite

Runtime software patching aims to minimize or eliminate service downtime, user interruptions and potential data losses while deploying a patch. Due to modern software systems' high variance and heterogeneity, no universal solutions are available or proposed to deploy and execute patches at runtime. Existing runtime software patching solutions focus on specific cases, scenarios, programming languages and operating systems. This paper aims to identify, investigate and synthesize state-of-the-art runtime software patching approaches and gives an overview of currently unsolved challenges. It further provides insights on multiple aspects of runtime patching approaches such as patch scales, general strategies and responsibilities. This study identifies seven levels of granularity, two key strategies providing a conceptual model of three responsible entities and four capabilities of runtime patching solutions. Through the analysis of the existing literature, this research also reveals open issues hindering more comprehensive adoption of runtime patching in practice. Finally, it proposes several crucial future directions that require further attention from both researchers and practitioners.

show abstract

Section: Vm-level Patchingmentioning

confidence: 99%

Section: Vm-level Patchingmentioning

confidence: 99%