Luci: Loader-based Dynamic Software Updates for Off-the-shelf Shared Objects

Heinloth B, Wägemann P, Schröder-Preikschat W (2023)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2023

Pages Range: 241 - 256

Conference Proceedings Title: 2023 USENIX Annual Technical Conference (USENIX ATC 23)

Event location: Boston, MA, US

ISBN: 978-1-939133-35-9

URI: https://www.usenix.org/system/files/atc23-heinloth.pdf

Open Access Link: https://www.usenix.org/system/files/atc23-heinloth.pdf

Abstract

Shared libraries indisputably facilitate software development but also significantly increase the attack surface, and when using multiple libraries, frequent patches for vulnerabilities are to be expected. However, such a bugfix commonly requires restarting all services depending on the compromised library, which causes downtimes and unavailability of services. This can be prevented by dynamic software updating, but existing approaches are often costly and incur additional maintenance due to necessary source or infrastructure modifications.

With Luci, we present a lightweight linker/loader technique to unobtrusively and automatically update shared libraries during runtime by exploiting the indirection mechanisms of position-independent code, hence avoiding severe runtime overhead. Luci further adds no additional requirements, such as adjusting the source or interfering with the build chain, as it fully adapts to today's build and package-update mechanisms of common Linux distributions. We demonstrate our approach on popular libraries (like Expat and libxcrypt) using off-the-shelf (i.e., unmodified) binaries from Debian and Ubuntu packages, being able to update the majority of releases without the necessity of a process restart.

How to cite

APA:

Heinloth, B., Wägemann, P., & Schröder-Preikschat, W. (2023). Luci: Loader-based Dynamic Software Updates for Off-the-shelf Shared Objects. In 2023 USENIX Annual Technical Conference (USENIX ATC 23) (pp. 241 - 256). Boston, MA, US.

MLA:

Heinloth, Bernhard, Peter Wägemann, and Wolfgang Schröder-Preikschat. "Luci: Loader-based Dynamic Software Updates for Off-the-shelf Shared Objects." Proceedings of the 2023 USENIX Annual Technical Conference, Boston, MA 2023. 241 - 256.
