Corpus ID: 235294057

Controlled Update of Software Components using Concurrent Exection of Patched and Unpatched Versions

Authors: Stjepan Groš, Ivan Kovačević, Ivan Dujmić, Matej Petrinovic
Software patching is a common method of removing vulnerabilities in software components to make IT systems more secure. However, there are many cases where software patching is not possible due to the critical nature of the application, especially when the vendor providing the application guarantees correct operation only in a specific configuration. In this paper, we propose a method to solve this problem. The idea is to run unpatched and patched application instances concurrently, with the… 



Differential Testing for Software

Quality is not a question of correctness, but rather of how many bugs are fixed and how few are introduced in the ongoing development process; if the bug count is increasing, the software is deteriorating.

Software Reliability for Agile Testing

This paper seeks to model this way of working by extending the Jelinski–Moranda model to a “stack” of feature-specific models, assuming that the bugs are labeled with the features they belong to, and presents the results in predicting the reliability of software for agile testing environments.

HyDiff: Hybrid Differential Software Analysis

This paper presents HyDiff, the first hybrid approach for differential software analysis, which integrates and extends two very successful testing techniques: Feedback-directed greybox fuzzing for efficient program testing and shadow symbolic execution for systematic program exploration.

Introduction to probability and mathematical statistics

This book presents an introduction to Probability Theory and Mathematical Statistics, a measure theory with a soul, which has been prepared taking both aesthetic and practical aspects into account.

An Automated Approach to Estimating Code Coverage Measures via Execution Logs

An automated approach to estimating code coverage measures using the readily available execution logs, called LogCoCo, which matches the execution logs with their corresponding code paths and estimates three different code coverage criteria: method coverage, statement coverage, and branch coverage.

Understanding Software Patching

This document explains how software patching is an increasingly important aspect of today’s computing environment as the volume, complexity, and number of configurations under which a piece of software runs have grown considerably.


Exploiting Dissent: Towards Fuzzing-Based Differential Black-Box Testing of TLS Implementations

A novel fuzzing algorithm is introduced for generating large and diverse corpuses of mostly-valid TLS handshake messages and is seen as the first step towards fully interactive differential testing of black-box TLS protocol implementations.

NEZHA: Efficient Domain-Independent Differential Testing

The notion of δ-diversity is introduced, which summarizes the observed asymmetries between the behaviors of multiple test applications, and two efficient domain-independent input generation mechanisms for differential testing, one gray-box and one black-box, are designed.

SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning

It is shown that SFADiff is able to find differences not only between different WAFs but also between different versions of the same WAF, and support fully automated root cause analysis in a domain-independent manner.