Wednesday, June 08, 2005

Patch-on-Demand Saves Even More Time?

Keywords: computer security, automated patching, zero-day attacks, patch creation

As mentioned in the previous post, I went to see a talk by this author and was really interested in what he's been doing, so I'm looking through his papers. This little 3-page magazine article, "Patch-on-Demand Saves Even More Time?", is a very short introduction to a problem in security patching: how do we make sure it happens fast enough? Right now, quite a lot of the newsworthy security issues are related to flaws that have been known (and patched) for months, but not all of them are like that. The idea of a "zero-day attack" is that it's possible for the flaw and exploit to occur on the same day, leaving users with no advance warning to prepare their systems. There's great worry that these will become more common.

So how should we handle this issue? His answer: Automation! Actually, it's a pretty common answer; it's just that the system he's looking at creates the patches as well as applying them, whereas most of the systems we see are all about applying existing (human-created) patches in an automated or semi-automated way.

Automated patch creation is not a perfect answer, but it's got a lot of potential... for good and bad. How can we be sure the cure isn't worse than the disease, as it were? "The risks of relying on automated patching and testing as the only real-time defense techniques are not fully understood." While I doubt they'll ever be fully understood, I am curious if there's any way we can understand them in a general way short of implementing a bunch of ideas and generalizing.

Anyhow, he's had some good results (which he discussed in the talk I attended) with such an automated patching system that took source code and basically emulated the bits that were known to have problems. I'll probably talk about his system later, but I thought I'd mention this paper first as an easy read and introduction to this particular problem, before I start looking at proposed solutions.
