Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

Piston: Uncooperative Remote Runtime Patching

While software is now being developed with more sophisticated tools, its complexity has increased considerably, and, as a consequence new vulnerabilities are discovered every day. To address the constant flow of vulnerabilities being identified, patches are frequently being pushed to consumers. Patches, however, often involve having to shutdown services in order to be applied, which can result in expensive downtime. To solve this problem, various hot-patching systems have been devised to patch systems without the need for restarting. These systems often require either the cooperation of the system or the process they are patching. This still leaves out a considerable amount of systems, most notably embedded devices, which remain unable to be hot-patched.

We present Piston, a generic system for the remote hot-patching of uninterruptible software that operates without the system's cooperation. Piston achieves this by using an exploit to take control of the remote process and modify its code on-the-fly. Piston works directly on binary code and is capable of automatically counter-acting the destructive effects on memory that might be the result of the exploitation.

Christopher Salls
UC Santa Barbara
United States

Yan Shoshitaishvili
UC Santa Barbara
United States

Nick Stephens
UC Santa Barbara
United States

Christopher Kruegel
UC Santa Barbara
United States

Giovanni Vigna
UC Santa Barbara
United States

 

Powered by OpenConf®
Copyright©2002-2017 Zakon Group LLC