NC State, IBM Develop Nuwa to Patch Offline Virtual Machines

From DailyTech: The computing world makes wide use of virtual machines, which often sit inactive for long periods when not needed. The problem with these long inactive periods is that no security patches are applied while a VM is offline, leaving it vulnerable to attack once it “wakes up”.

IBM and researchers from North Carolina State University have come up with a new way to patch VMs even when the VM is offline and not in use. The tool, called Nuwa, allows users to patch large numbers of VMs in a cloud. Its name comes from a mythical Chinese goddess who patched a hole in the sky.

The researchers also say they found that patching VMs offline was four times faster than patching them while they were online. Nuwa uses Mirage, a set of techniques developed by IBM for offline inspection and manipulation of large numbers of VMs.

“We’ve designed a way to patch these virtual machines while they are offline, so that they are kept up to date in terms of security protection,” says Dr. Peng Ning, professor of computer science at NC State and co-author of a paper describing the research. “Current patching systems are designed for computers that are online and they don’t work for dormant computers or virtual machines. The tool we developed automatically analyzes the ‘script’ that dictates how a security patch is installed, and then automatically re-writes the script to make it compatible with an offline system.”

Nuwa takes advantage of existing technology that allows multiple VMs to share one version of a computer file rather than each VM running its own individual instance of that file. With this technology, Nuwa only needs to patch the one version of the file, and all VMs running that file are patched as well.
