Providing security updates and patches to programs running on computers and servers operating in a shared, or “cloud computing,” environment is now possible thanks to technology created at N.C. State and IBM.
The tool is called “Nuwa” after the Chinese mythical goddess “best known for creating mankind and repairing the wall of heaven,” according to Wikipedia.
Nuwa enables patches and updates to be made even if the programs are offline, NCSU and IBM say.
“We’ve designed a way to patch these virtual machines while they are offline, so that they are kept up to date in terms of security protection,” said Dr. Peng Ning, professor of computer science at NCSU and co-author of a paper about the research. “Current patching systems are designed for computers that are online and they don’t work for dormant computers or virtual machines. The tool we developed automatically analyzes the ‘script’ that dictates how a security patch is installed, and then automatically re-writes the script to make it compatible with an offline system.”
The paper, titled “Always Up-to-date – Scalable Offline Patching of VM Images in a Compute Cloud,” will be presented at a computer security applications conference in Austin, Texas, on Dec. 10.
VM refers to virtual machines.
“Patching is a critical security service that keeps computer systems up to date and defends against security threats,” an abstract of the paper says. “Existing patching systems all require running systems. With the increasing adoption of virtualization and cloud computing services, there is a growing number of dormant virtual machine (VM) images. Such VM images cannot benefit from existing patching systems, and thus are often left vulnerable to emerging security threats. It is possible to bring VM images online, apply patches, and capture the VMs back to dormant images. However, such approaches suffer from unpredictability, performance challenges, and high operational costs, particularly in large-scale compute clouds where there could be thousands of dormant VM images.”
Virtualization enables a machine to run multiple operating systems at the same time. Virtual machines can be tasked to collaborate on specific projects.
Nuwa, combined with IBM techniques called Mirage, allows administrators to simultaneously patch and update virtual machines. “Nuwa takes advantage of this technology and, by patching one file, can ultimately protect all of the VMs that use that file,” IBM and NCSU said.
The National Science Foundation and IBM financed the research.