Channels ▼
RSS

Parallel

Patching "Holes" in the Cloud


Researchers from North Carolina State University and IBM have invented a way to update computer systems packaged in virtual machines in a computer cloud — even when those programs are offline.

The new cloud computing patch tool developed by NC State and IBM is called Nuwa and protects virtual machines (VMs) from cyberattacks by ensuring that they always receive important security upgrades. In addition, the researchers have determined that offline application of security patches is more than four times faster than online patch application. The tool is named after a Chinese goddess who patched a hole in the sky.

A paper describing the research, "Always Up-to-date: Scalable Offline Patching of VM Images in a Compute Cloud," will be presented Dec. 10 at the Annual Computer Security Applications Conference in Austin, Texas.

"We've designed a way to patch these virtual machines while they are offline, so that they are kept up to date in terms of security protection," said Dr. Peng Ning, professor of computer science at NC State and coauthor of a paper describing the research."“Current patching systems are designed for computers that are online and they don't work for dormant computers or virtual machines. The tool we developed automatically analyzes the script that dictates how a security patch is installed, and then automatically re-writes the script to make it compatible with an offline system."

Nuwa leverages a collection of techniques developed by IBM, called Mirage, that is used for performing efficient offline introspection and manipulation of a large collection of VM images, to allow cloud administrators to patch multiple VMs simultaneously. A program already exists that allows cloud computing systems to operate more efficiently by saving one version of a computer file that is used by multiple VMs — rather than saving the same file repeatedly for each individual VM. Nuwa takes advantage of this technology and, by patching one file, can ultimately protect all of the VMs that use that file.

NC State and IBM have successfully tested and evaluated Nuwa on the IBM Research Compute Cloud, a compute cloud that is used by IBM researchers worldwide.

The research collaboration was funded by the National Science Foundation and IBM. The lead author on the paper is Wu Zhou, a Ph.D. student at NC State. Co-authors are Ning; Xiaolan Zhang, Glenn Ammons and Vasanth Bala of the IBM T.J. Watson Research Center; and Ruowen Wang, a Ph.D. student at NC State.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video