Binary Information Press
Patch Package Management System (PMS) plays an important role in computer system security. The PMS should properly and securely process patch packages even under attack. The main contributions of this paper are proposing a new model about the threats faced by PMS nowadays, and defining a set of empirical security design principles of PMS for the first time. In addition, secure PMSs are designed and implemented in accordance with these principles on different operating systems. By comparing with several popular PMSs, the result shows that the authors' software can give better performance on ensuring the security of the computer system.