This Small Business Innovation Research Phase I project aims to demonstrate the feasibility of fundamental improvements to OS update technology. These improvements would allow system administrators to apply OS patches faster than current practice, which would significantly hinder botnets and other attackers by reducing the window of vulnerability during which systems are running software with known problems. The current state-of-the-art requires that computers reboot to apply kernel updates. Since rebooting is disruptive, many system administrators delay performing security updates, despite the greatly increased risk-more than 90% of attacks exploit known vulnerabilities. Security would improve if administrators could apply updates immediately, as hot updates, without the need for reboots or disruption. Although programmers have long been capable of making ad hoc modifications to running programs, hot update technology has not seen widespread use because of key technical problems. In particular, constructing hot updates has always required extensive programming effort, which is expensive and-since programmers make mistakes-risky.
If successful, the current project will transform the state-of-the-art of software updates. Most directly, this research has the potential deliver a change that the IT industry wants: a way to apply security updates without rebooting. More generally, this research aims to improve the field's technical understanding of how to automatically apply traditional source code patches to a running program, such as the kernel. This problem has broad applications in debugging, profiling, instrumentation, and education. This research can lead to the creation of a hot update service, provided to companies on a per-machine, per-month basis, for a subscription charge. Companies who subscribe machines to this service would, without any ongoing effort, be able to transparently receive hot updates that solve software problems, without reboots or other disruption. This distribution of hot updates would improve security and reliability while decreasing machine maintenance costs.
This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).
