Browse > Article

Policy and Mechanism for Safe Function-level Dynamic Kernel Update  

Park, Hyun-Chan (고려대학교 컴퓨터학과)
Yoo, Chuck (고려대학교 컴퓨터학과)
Abstract
In recent years, the software vulnerability becomes an important problem to the safety in operating system kernel. Many organizations endeavor to publish patches soon after discovery of vulnerability. In spite of the effort, end-system administrators hesitate to apply the patches to their system. The reasons of hesitation are the reboot disruption and the distrust of patches. To solve this problem we propose a dynamic update system for non-updatable kernel, named DUNK. The DUNK provides: 1) a dynamic update mechanism at function-level granularity to overcome the reboot disruption and 2) a safety verification mechanism to overcome the distrust problem, named MAFIA. In this paper, we describe the design of DUNK and detailed algorithm of MAFIA.
Keywords
Safety mechanism for dynamic kernel update; code analysis for access behavior;
Citations & Related Records
연도 인용수 순위
  • Reference
1 http://nvd.nist.gov/home.cfm
2 W.A. Arbaugh, et al., "Windows of vulnerability: a case study analysis," ,pp. 52-59, Computer, Vol.33, No.12, 2000
3 G. Altekar, et al., "OPUS: Online Patches and Updates for Security," Proc. USENIX SS, 2005
4 R. Wahbe, et al., "Efficient software-based fault isolation," ,pp. 203-216, ACM SIGOPS Operating Systems Review, Vol.27, No.5, 1994   DOI
5 http://www.kb.cert.org/vuls/id/715973
6 http://support.microsoft.com/kb/819634/en-us
7 S. Beattie, et al., "Timing the Application of Security Patches for Optimal Uptime," Proceedings of LISA XVI, 2002
8 Tamches, A. and B.P. Miller, "Fine-Grained Dynamic Instrumentation of Commodity Operating System Kernels," , pp. 117-130, Proc. OSDI, 1999
9 G.C. Necula and P. Lee, "Safe kernel extensions withoutrun-time checking," ,pp. 229- 243, ACM SIGOPS Operating Systems Review, Vol.30, 1996   DOI
10 D. Gupta, et al., "A formal framework for on- linesoftware version change," ,pp. 120-131, IEEE ToSE, Vol.22, No.2, 1996