Because software security patches relay information about vulnerabilities, they can be reverse engineered into exploits. Tools for doing this already exist. As a result, there is a race between hackers and end-users to first obtain patches. In this paper we present and evaluate FirePatch, an intrusion-tolerant dissemination mechanism that combines encryption, replication, and sandboxing such that end-users are able to win the security patch race.
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.