Piston: Uncooperative remote runtime patching

Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Christopher Kruegel, Giovanni Vigna

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

While software is now being developed with more sophisticated tools, its complexity has increased considerably, and, as a consequence new vulnerabilities are discovered every day. To address the constant flow of vulnerabilities being identified, patches are frequently being pushed to consumers. Patches, however, often involve having to shutdown services in order to be applied, which can result in expensive downtime. To solve this problem, various hot-patching systems have been devised to patch systems without the need for restarting. These systems often require either the cooperation of the system or the process they are patching. This still leaves out a considerable amount of systems, most notably embedded devices, which remain unable to be hot-patched. We present Piston, a generic system for the remote hot-patching of uninterruptible software that operates without the system's cooperation. Piston achieves this by using an exploit to take control of the remote process and modify its code on-The-fly. Piston works directly on binary code and is capable of automatically counter-Acting the destructive effects on memory that might be the result of the exploitation.

Original languageEnglish (US)
Title of host publicationProceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017
PublisherAssociation for Computing Machinery
Pages141-153
Number of pages13
VolumePart F132521
ISBN (Electronic)9781450353458
DOIs
StatePublished - Dec 4 2017
Event33rd Annual Computer Security Applications Conference, ACSAC 2017 - Orlando, United States
Duration: Dec 4 2017Dec 8 2017

Other

Other33rd Annual Computer Security Applications Conference, ACSAC 2017
CountryUnited States
CityOrlando
Period12/4/1712/8/17

Fingerprint

Pistons
Binary codes
Data storage equipment

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Cite this

Salls, C., Shoshitaishvili, Y., Stephens, N., Kruegel, C., & Vigna, G. (2017). Piston: Uncooperative remote runtime patching. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017 (Vol. Part F132521, pp. 141-153). Association for Computing Machinery. https://doi.org/10.1145/3134600.3134611

Piston : Uncooperative remote runtime patching. / Salls, Christopher; Shoshitaishvili, Yan; Stephens, Nick; Kruegel, Christopher; Vigna, Giovanni.

Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Vol. Part F132521 Association for Computing Machinery, 2017. p. 141-153.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Salls, C, Shoshitaishvili, Y, Stephens, N, Kruegel, C & Vigna, G 2017, Piston: Uncooperative remote runtime patching. in Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. vol. Part F132521, Association for Computing Machinery, pp. 141-153, 33rd Annual Computer Security Applications Conference, ACSAC 2017, Orlando, United States, 12/4/17. https://doi.org/10.1145/3134600.3134611
Salls C, Shoshitaishvili Y, Stephens N, Kruegel C, Vigna G. Piston: Uncooperative remote runtime patching. In Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Vol. Part F132521. Association for Computing Machinery. 2017. p. 141-153 https://doi.org/10.1145/3134600.3134611
Salls, Christopher ; Shoshitaishvili, Yan ; Stephens, Nick ; Kruegel, Christopher ; Vigna, Giovanni. / Piston : Uncooperative remote runtime patching. Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017. Vol. Part F132521 Association for Computing Machinery, 2017. pp. 141-153
@inproceedings{0d71f16dc0544a3d8aa6e2337a88f52d,
title = "Piston: Uncooperative remote runtime patching",
abstract = "While software is now being developed with more sophisticated tools, its complexity has increased considerably, and, as a consequence new vulnerabilities are discovered every day. To address the constant flow of vulnerabilities being identified, patches are frequently being pushed to consumers. Patches, however, often involve having to shutdown services in order to be applied, which can result in expensive downtime. To solve this problem, various hot-patching systems have been devised to patch systems without the need for restarting. These systems often require either the cooperation of the system or the process they are patching. This still leaves out a considerable amount of systems, most notably embedded devices, which remain unable to be hot-patched. We present Piston, a generic system for the remote hot-patching of uninterruptible software that operates without the system's cooperation. Piston achieves this by using an exploit to take control of the remote process and modify its code on-The-fly. Piston works directly on binary code and is capable of automatically counter-Acting the destructive effects on memory that might be the result of the exploitation.",
author = "Christopher Salls and Yan Shoshitaishvili and Nick Stephens and Christopher Kruegel and Giovanni Vigna",
year = "2017",
month = "12",
day = "4",
doi = "10.1145/3134600.3134611",
language = "English (US)",
volume = "Part F132521",
pages = "141--153",
booktitle = "Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - Piston

T2 - Uncooperative remote runtime patching

AU - Salls, Christopher

AU - Shoshitaishvili, Yan

AU - Stephens, Nick

AU - Kruegel, Christopher

AU - Vigna, Giovanni

PY - 2017/12/4

Y1 - 2017/12/4

N2 - While software is now being developed with more sophisticated tools, its complexity has increased considerably, and, as a consequence new vulnerabilities are discovered every day. To address the constant flow of vulnerabilities being identified, patches are frequently being pushed to consumers. Patches, however, often involve having to shutdown services in order to be applied, which can result in expensive downtime. To solve this problem, various hot-patching systems have been devised to patch systems without the need for restarting. These systems often require either the cooperation of the system or the process they are patching. This still leaves out a considerable amount of systems, most notably embedded devices, which remain unable to be hot-patched. We present Piston, a generic system for the remote hot-patching of uninterruptible software that operates without the system's cooperation. Piston achieves this by using an exploit to take control of the remote process and modify its code on-The-fly. Piston works directly on binary code and is capable of automatically counter-Acting the destructive effects on memory that might be the result of the exploitation.

AB - While software is now being developed with more sophisticated tools, its complexity has increased considerably, and, as a consequence new vulnerabilities are discovered every day. To address the constant flow of vulnerabilities being identified, patches are frequently being pushed to consumers. Patches, however, often involve having to shutdown services in order to be applied, which can result in expensive downtime. To solve this problem, various hot-patching systems have been devised to patch systems without the need for restarting. These systems often require either the cooperation of the system or the process they are patching. This still leaves out a considerable amount of systems, most notably embedded devices, which remain unable to be hot-patched. We present Piston, a generic system for the remote hot-patching of uninterruptible software that operates without the system's cooperation. Piston achieves this by using an exploit to take control of the remote process and modify its code on-The-fly. Piston works directly on binary code and is capable of automatically counter-Acting the destructive effects on memory that might be the result of the exploitation.

UR - http://www.scopus.com/inward/record.url?scp=85038914195&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85038914195&partnerID=8YFLogxK

U2 - 10.1145/3134600.3134611

DO - 10.1145/3134600.3134611

M3 - Conference contribution

AN - SCOPUS:85038914195

VL - Part F132521

SP - 141

EP - 153

BT - Proceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017

PB - Association for Computing Machinery

ER -