Low-Threat Security Patches and Tools

by Mohd A. Bashar, Ganesh Krishnan, Markus G. Kuhn, E. H. Spafford and S. S. Wagstaff, Jr.

COAST Laboratory, Department of Computer Sciences, Purdue University, West Lafayette, Indiana 47907-1398.

Abstract

Software patches implicitly contain vulnerability information that may be abused to jeopardize the security of a system. When a vendor supplies a binary program patch, different users may receive it at different times. The differential application times of the patch create a window of vulnerability until all users have installed the patch. An abuser who receives the patch earlier than some other users might disassemble the binary patch and identify the problem for which the patch has been issued. Armed with this information, he might be able to abuse another user's machine in some way.

A similar situation occurs in the deployment of security tools. Configuration management, compliance monitoring and intrusion detection are all complex tasks that can be enhanced by the use of automated tools. However, any effective tool to perform one of these functions will necessarily encode vulnerability information or explicit information about security "localisms." This information may be reverse-engineered and used against systems.

We discuss several ways that security patches and tools may be made safer. Among the techniques we suggest are: customizing patches to apply to only one machine, disguising patches to hinder their interpretation, synchronizing patch distribution to close the window of vulnerability, applying patches automatically, and using cryptoprocessors with enciphered operating systems.


COAST Secure Patch Distribution Group
Last modified: Wed Nov 15 15:25:52 EST 2000
