USENIX Conference Policies
OPUS: Online Patches and Updates for Security
We present OPUS, a tool for dynamic software patching capable of applying fixes to a C program at runtime. OPUS's primary goal is to enable application of security patches to interactive applications that are a frequent target of security exploits. By restricting the type of patches admitted by our system, we are able to significantly reduce any additional burden on the programmer beyond what would normally be required in developing and testing a conventional stop-and-restart patch. We hand-tested 26 real CERT vulnerabilities, of which 22 were dynamically patched with our current OPUS prototype, doing so with negligible runtime overhead and no prior knowledge of the tool's existence on the patch programmer's part.
BibTeX
@inproceedings {269244,
author = {Gautam Altekar and Ilya Bagrak and Paul Burstein and Andrew Schultz},
title = {{OPUS}: Online Patches and Updates for Security},
booktitle = {14th USENIX Security Symposium (USENIX Security 05)},
year = {2005},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/14th-usenix-security-symposium/opus-online-patches-and-updates-security},
publisher = {USENIX Association},
month = jul
}
author = {Gautam Altekar and Ilya Bagrak and Paul Burstein and Andrew Schultz},
title = {{OPUS}: Online Patches and Updates for Security},
booktitle = {14th USENIX Security Symposium (USENIX Security 05)},
year = {2005},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/14th-usenix-security-symposium/opus-online-patches-and-updates-security},
publisher = {USENIX Association},
month = jul
}