Versatile Live Patching System (VLPS)

Period of Performance: 03/15/2016 - 03/15/2018

$500K

Phase 2 SBIR

Recipient Firm

Intelligent Automation, Inc.
15400 Calhoun Dr, Suite 190
Rockville, MD 20855

Abstract

ABSTRACT: Patch management is one of the main enabling technologies in maintaining a high degree of security for IT systems. Often the patch requires a higher level of privilege to apply, making the patching operation itself a potential target of exploitation. The update or patch might require a reboot or perceivable system downtime, which becomes an issue for level 1 or 2 mission assurance category systems. Additional patch management software also exposes the patched system to additional risk, which is magnified if that additional software is running at a privileged level. Ideally, the patch or update would be applied by a trusted, privileged entity that is free from tampering or exploitation. Such a requirement is particularly desirable in a virtualized hosting environment where virtual machines (VMs) run on top of a hypervisor. To address this critical need, Intelligent Automation Inc. (IAI) proposes to further develop the Versatile Live Patching System (VLPS). The VLPS updates a target system with new code or data for its software. VLPS can patch two levels of execution: the guest kernel and guest applications running in the guest VMs. VLPS is a framework of tools that matches mission patching requirements with a stealthy yet privileged patch deployment approach.

BENEFIT: VLPS can be directly applied to the military and security contexts. The ability to live patch a system reduces its downtime, and patching at a lower privilege level increases the operational security of the system. Both government and commercial organizations will benefit from the development of VLPS for cyber security and mission / business success reasons. The effective security of Government cyber security development programs is decreased due to the delay in patching systems. Patching of virtual machines is often at a much lower level of compliance due to VM sprawl. VLPS can be applied to any information technology system. Any DoD system using VMs would benefit from VLPS.
VLPS has significant commercial potential for applications such as corporate security design, information security, and cloud configurations. End users of VLPS include network security tool providers (e.g., Symantec, McAfee, SourceFire) to minimize the client software required for their patch management systems; information security consulting companies (e.g., NSS Labs) to enhance the introspection services they provide; and large commercial organizations including financial (e.g., Bank of America, Citibank), retail (e.g., Amazon, Overstock), and healthcare (e.g., United Healthcare, Humana).