Carnegie Mellon University

TACHYON: Tandem Execution for Efficient Live Patch Testing

journal contribution
posted on 2012-08-01, 00:00 authored by Matthew Maurer, David Brumley

A vast number of security incidents are caused by exploits against vulnerabilities for which a patch is already available but which users simply did not install. Patch installation is often delayed because patches must be tested manually to make sure they do not introduce problems, especially at the enterprise level.

In this paper we propose a new tandem execution approach for automated patch testing. Our approach is based on a patch execution consistency model, which maintains that a patch is safe to apply if the executions of the pre- and post-patch programs differ only on attack inputs. Tandem execution runs both the pre- and post-patch programs simultaneously in order to check for execution consistency. We have implemented our techniques in TACHYON, a system for online patch testing in Linux. TACHYON is able to automatically check and verify patches without source access.

History

Publisher Statement

Copyright 2012 USENIX

Date

2012-08-01