INLINE PATCH PROXY FOR XEN HYPERVISOR

Application softwares running on end user or application servers are always prone to various attacks. These attacks not only harm applications but also waste network resources. Solutions to these problems are available as patches since a long time. Generally, people have been reluctant to patch their systems immediately, because patches are perceived to be unreliable and disruptive to apply. To address this problem we propose an inline patch proxy solution for Xen hypervisor. Inline solutions provided are vulnerability-specific, exploit-generic network solutions installed on end systems. The Inline patch module examines the incoming or outgoing traffic, vulnerable to applications, and removes these vulnerabilities to maintain secure traffic. The motive of the idea is to reduce the time difference between the release of a software patch and its actual deployment. Currently patching is promised by software developers, generally within hours (Varies as per the service level agreements) of occurrence of a vulnerable attack. The proposed idea is based on the reducing this time gap to a few seconds by placing the proposed module within the system. For unexposed attacks, time is needed to create new signatures which are generated in update server and pulled by the software running on host