Controlled Update of Software Components using Concurrent Execution of Patched and Unpatched Versions
Stjepan Groš, Ivan Kovačević, Ivan Dujmić, Matej Petrinović

TL;DR
This paper presents a novel method for safely updating software components by concurrently executing patched and unpatched versions, enabling detection of bugs introduced by patches without disrupting critical systems.
Contribution
The paper introduces a system that runs patched and unpatched applications in parallel for bug detection, applicable to web applications and potentially other critical systems.
Findings
The system effectively detects bugs introduced by patches in web applications.
Running applications concurrently can identify regressions without system downtime.
The approach is promising for secure updates in critical infrastructure.
Abstract
Software patching is a common method of removing vulnerabilities in software components to make IT systems more secure. However, there are many cases where software patching is not possible due to the critical nature of the application, especially when the vendor providing the application guarantees correct operation only in a specific configuration. In this paper, we propose a method to solve this problem. The idea is to run unpatched and patched application instances concurrently, with the unpatched one having complete control and the output of the patched one being used only for comparison, to watch for differences that are consequences of introduced bugs. To test this idea, we developed a system that allows us to run web applications in parallel and tested three web applications. The experiments have shown that the idea is promising for web applications from the technical side.…
Taxonomy
Topics: Software Testing and Debugging Techniques · Advanced Malware Detection Techniques · Software Reliability and Analysis Research
