Carnegie Mellon University
The vast number of security incidents are caused by exploits against vulnerabilities for which a patch is already available, but that users simply did not install. Patch installation is often delayed because patches must be tested manually to make sure they do not introduce problems, especially at the enterprise level. In this paper, the authors propose a new tandem execution approach for automated patch testing. Their approach is based on a patch execution consistency model which maintains that a patch is safe to apply if the executions of the pre and post-patch program only differ on attack inputs. Tandem execution runs both pre and post-patch programs simultaneously in order to check for execution consistency.