Workshop Program

Adobe's near ubiquitous product adoption requires the ability to update a significant population of the Internet. As a result, this presents many unique challenges in defining a comprehensive update strategy. Not only is it required that updates ship for both consumers and enterprises across multiple operating systems, devices, and browsers, it also often needs to be completed very quickly with as little friction as possible. This presentation will discuss Adobe's approach with software updates and the lessons learned in the process.

Peleus Uhley is the Platform Security Strategist within Adobe's Secure Software Engineering Team (ASSET). His primary focus is advancing Adobe's Secure Product Lifecycle (SPLC) and assisting with incident response within Adobe platform technologies, including Flash Player, ColdFusion, and AIR. Prior to joining Adobe, Peleus started in the security industry as a developer for Anonymizer, Inc., and went on to be a security consultant for @stake and Symantec.

This paper presents Rubah, a new dynamic software updating (DSU) system for Java programs that works on stock JVMs. Rubah supports a large range of program changes (e.g., changes to the class hierarchy and updates to running methods), does not restrict important programming idioms (e.g., reflection), and, as shown by performance experiments using an updatable version of the H2 database management system, imposes low overhead on normal execution.

Security patches protect an application from discovered vulnerabilities and should be applied as fast as possible. On the other hand, patching the application reduces the availability of the service due to the necessary restart. System administrators need to balance system availability with a potential compromise of system integrity. 

A dynamic software update mechanism applies security updates on the fly but does not protect from unknown vulnerabilities. Software-based fault isolation on the other hand uses a sandbox to protect the integrity of a system by detecting unpatched vulnerabilities but provides no mechanism to repair any vulnerabilities. 

This paper presents DynSec, a mechanism for on-the fly code rewriting and repair that dynamically applies security patches for unmodified binary applications. A sandbox protects the integrity of the system while the dynamic update mechanism increases the availability of the application. A prototype implementation that needs no a-priori cooperation from the application incurs a combined overhead of 11% on the SPEC CPU2006 benchmarks for the sandbox and the dynamic update mechanism.

This paper presents PyMoult, a Python library implementing various dynamic software update (DSU) mechanisms. This library aims to provide a prototyping platform for experimenting with DSU and to implement a vast choice of update mechanisms while allowing their combination and customization.

We selected different update mechanisms from the literature and implemented them in PyMoult. This paper focuses on how we implemented these mechanisms and discusses the cost of implementing DSU in Python.