Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Sam Wagstaff - CERIAS

Students: Fall 2021, unless noted otherwise, sessions will be virtual on Zoom.

Low Threat Security Patches

Jan 09, 2002

Abstract

Software patches implicitly contain vulnerability information that may be abused to jeopardize the security of a system. When a vendor supplies a binary program patch, different users may receive it at different times. The differential application times of the patch create a window of vulnerability until all users have installed the patch. An abuser who receives the patch earlier than some other users might disassemble the binary patch and identify the problem for which the patch has been issued. Armed with this information, he might be able to abuse another user's machine in some way. We discuss several ways that security patches may be made safer. Among the techniques we suggest are: customizing patches to apply to only one machine, disguising patches to hinder their interpretation, synchronizing patch distribution to close the window of vulnerability, applying patches automatically, and using cryptoprocessors with enciphered operating systems.


About the Speaker

Before coming to Purdue, Professor Wagstaff taught at the Universities of Rochester, Illinois, and Georgia. He spent a year at the Institute for Advanced Study in Princeton. His research interests are in the areas of cryptography, parallel computation, and analysis of algorithms, especially number theoretic algorithms. He and J. W. Smith of the University of Georgia have built a special processor with parallel capability for factoring large integers.



Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!