Heinloth B, Wägemann P, Schröder-Preikschat W (2023)
Publication Language: English
Publication Type: Conference contribution
Publication year: 2023
Pages Range: 241 - 256
Conference Proceedings Title: 2023 USENIX Annual Technical Conference (USENIX ATC 23)
ISBN: 978-1-939133-35-9
URI: https://www.usenix.org/system/files/atc23-heinloth.pdf
Open Access Link: https://www.usenix.org/system/files/atc23-heinloth.pdf
Shared libraries indisputably facilitate software development but also significantly increase the attack surface, and when using multiple libraries, frequent patches for vulnerabilities are to be expected. However, such a bugfix commonly requires restarting all services depending on the compromised library, which causes downtimes and unavailability of services. This can be prevented by dynamic software updating, but existing approaches are often costly and incur additional maintenance due to necessary source or infrastructure modifications.
With Luci, we present a lightweight linker/loader technique to unobtrusively and automatically update shared libraries during runtime by exploiting the indirection mechanisms of position-independent code, hence avoiding severe runtime overhead. Luci further adds no additional requirements, such as adjusting the source or interfering with the build chain, as it fully adapts to today's build and package-update mechanisms of common Linux distributions. We demonstrate our approach on popular libraries (like Expat and libxcrypt) using off-the-shelf (i.e., unmodified) binaries from Debian and Ubuntu packages, being able to update the majority of releases without the necessity of a process restart.
APA:
Heinloth, B., Wägemann, P., & Schröder-Preikschat, W. (2023). Luci: Loader-based Dynamic Software Updates for Off-the-shelf Shared Objects. In 2023 USENIX Annual Technical Conference (USENIX ATC 23) (pp. 241 - 256). Boston, MA, US.
MLA:
Heinloth, Bernhard, Peter Wägemann, and Wolfgang Schröder-Preikschat. "Luci: Loader-based Dynamic Software Updates for Off-the-shelf Shared Objects." Proceedings of the 2023 USENIX Annual Technical Conference, Boston, MA 2023. 241 - 256.