Ksplice
- 1 April 2009
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 187-198
- https://doi.org/10.1145/1519065.1519085
Abstract
Ksplice allows system administrators to apply patches to their operating system kernels without rebooting. Unlike previous hot update systems, Ksplice operates at the object code layer, which allows Ksplice to transform many traditional source code patches into hot updates with little or no programmer involvement. In the common case that a patch does not change the semantics of persistent data structures, Ksplice can create a hot update without a programmer writing any new code. Security patches are one compelling application of hot updates. An evaluation involving all significant x86-32 Linux security patches from May 2005 to May 2008 finds that most security patches-56 of 64-require no new code to be performed as a Ksplice update. In other words, Ksplice can correct 88% of the Linux kernel vulnerabilities from this interval without the need for rebooting and without writing any new code. If a programmer writes a small amount of new code to assist with the remaining patches (about 17 lines per patch, on average), then Ksplice can apply all 64 of the security patches from this interval without rebootingKeywords
This publication has 10 references indexed in Scilit:
- Dynamic and adaptive updates of non-quiescent subsystems in commodity operating system kernelsPublished by Association for Computing Machinery (ACM) ,2007
- Live updating operating systems using virtualizationPublished by Association for Computing Machinery (ACM) ,2006
- Practical dynamic software updating for CPublished by Association for Computing Machinery (ACM) ,2006
- An expressive aspect language for system applications with ArachnePublished by Association for Computing Machinery (ACM) ,2005
- Devirtualizable virtual machines enabling general, single-node, online maintenanceACM SIGARCH Computer Architecture News, 2004
- ShieldPublished by Association for Computing Machinery (ACM) ,2004
- An API for Runtime Code PatchingThe International Journal of High Performance Computing Applications, 2000
- A formal framework for on-line software version changeIEEE Transactions on Software Engineering, 1996
- On-line software version change using state transfer between processesSoftware: Practice and Experience, 1993
- Dynamic Restructuring in an Experimental Operating SystemIEEE Transactions on Software Engineering, 1978