Title :
Server protection through dynamic patching
Author :
Loriant, Nicolas ; Ségura-Devillechaise, Marc ; Menaud, Jean-Marc
Author_Institution :
EMN-INRIA, LINA, Nantes, France
Abstract :
Hackers have been developing fast-propagating worms that exploit vulnerabilities that have just been disclosed by security experts. Those attacks particularly expose servers: this class of applications is constantly connected to the Internet and must meet uptime constraints. Hence they often run unprotected until the next scheduled update. In this paper, we propose a just-in-time protection for servers based on runtime injection of pre-made patches. The runtime injection makes it possible to deal with uptime constraints and induces only a minimal overhead over the vulnerable code and only when a vulnerability is known to exist. The pre-made patches forbid exploitation of most common vulnerabilities (45% of attacks reported by Debian security in 2005 affected C software) and allow continuous servicing.
Keywords :
client-server systems; network servers; security of data; software maintenance; dynamic patching; just-in-time protection; runtime patch injection; server protection; Buffer overflow; Computer bugs; Computer hacking; Costs; Delay; Internet; Protection; Runtime; Security; Web server;
Conference_Title :
Dependable Computing, 2005. Proceedings. 11th Pacific Rim International Symposium on
Print_ISBN :
0-7695-2492-3
DOI :
10.1109/PRDC.2005.56