Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Practical dynamic software updating for C
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
POLUS: A POwerful Live Updating System
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
OPUS: online patches and updates for security
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Ksplice: automatic rebootless kernel updates
Proceedings of the 4th ACM European conference on Computer systems
Immediate multi-threaded dynamic software updates using stack reconstruction
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Differential Slicing: Identifying Causal Execution Differences for Security Applications
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain
International Journal of Secure Software Engineering
Hi-index | 0.00 |
Android is currently the largest mobile platform with around 750 million devices worldwide. Unfortunately, more than 30% of all devices contain publicly known security vulnerabilities and, in practice, cannot be updated through normal mechanisms since they are not longer supported by the manufacturer and mobile operator. This failure of traditional patch distribution systems has resulted in the creation of a large population of vulnerable mobile devices. In this paper, we present PatchDroid, a system to distribute and apply third-party security patches for Android. Our system is designed for device-independent patch creation, and uses in-memory patching techniques to address vulnerabilities in both native and managed code. We created a fully usable prototype of PatchDroid, including a number of patches for well-known vulnerabilities in Android devices. We evaluated our system on different devices from multiple manufacturers and show that we can effectively patch security vulnerabilities on Android devices without impacting performance or usability. Therefore, PatchDroid represents a realistic path towards dramatically reducing the number of exploitable Android devices in the wild.