
production sites. Only authorized EGI CSIRT members and site security staff can check the results through a web interface (https://pakiti.egi.eu/). An alerting email is also sent to EGI CSIRT when a critical vulnerability has been detected. By 2012, the Pakiti server had collected about 400,000 reports from 22,000 nodes at 335 production sites over a six-month period [45].

Moreover, Pakiti can be integrated into an existing monitoring infrastructure.

There are two ways for the Pakiti server to receive information from clients. The first is the traditional way: the client sends the data directly to the server over HTTPS. The second is for the client to print the data to its standard output, so that another monitoring tool such as Nagios [46] can transfer the data to the server using its own messaging mechanism.
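The following Python program is an added illustration of the reporting flow described above (the two client delivery modes plus the server-side check that decides whether CSIRT is alerted); it is not Pakiti's own code. The report format, the simplified version ordering, the advisory records and the package inventory are constructed assumptions made for this example.

```python
"""Pakiti-style client/server flow (illustrative, not Pakiti's code):
client builds an inventory report and delivers it either over HTTPS or via
stdout; server matches the inventory against advisories and alerts on critical."""
import json
import platform
import re
import ssl
import subprocess
import urllib.request

# Constructed sample inventory; stands in for the output of `rpm -qa` or `dpkg-query`.
SAMPLE_PACKAGES = [("openssl", "1.0.1e-16.el6"), ("kernel", "2.6.32-358.el6"),
                   ("bash", "4.1.2-15.el6")]

# Constructed sample advisories (not real advisory data). "fixed" is the first
# non-vulnerable version; "critical" decides whether the CSIRT alert mail goes out.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "openssl", "fixed": "1.0.1e-30.el6", "critical": True},
    {"id": "EXAMPLE-ADV-2", "package": "bash", "fixed": "4.1.2-15.el6", "critical": False},
]

def collect_packages():
    """Ask the local package manager for name/version pairs; fall back to the
    constructed sample when neither rpm nor dpkg is available."""
    for cmd in (["rpm", "-qa", "--qf", "%{NAME}\t%{VERSION}-%{RELEASE}\n"],
                ["dpkg-query", "-W", "-f", "${Package}\t${Version}\n"]):
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
        except (OSError, subprocess.CalledProcessError):
            continue
        return [tuple(line.split("\t", 1)) for line in out.splitlines() if "\t" in line]
    return list(SAMPLE_PACKAGES)

def build_report(hostname, packages, site="EXAMPLE-SITE"):
    """One report per node: identity plus the package inventory the server checks."""
    return {"host": hostname, "site": site, "os": platform.platform(),
            "packages": [{"name": n, "version": v} for n, v in packages]}

def report_to_stdout(report):
    """Client mode 2: one JSON line on stdout, for a monitoring tool (Nagios style)
    to relay to the server over its own messaging channel."""
    return json.dumps(report, separators=(",", ":"), sort_keys=True)

def send_https(report, url, ca_file=None):
    """Client mode 1: push the report straight to the server over HTTPS. The server
    certificate is validated against ca_file (or the system trust store), so an
    inventory of unpatched hosts is never handed to an impostor collector."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(url, data=report_to_stdout(report).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status

def _tokens(version):
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", version)]

def version_lt(a, b):
    """Simplified rpmvercmp-style ordering (assumption): numeric segments compare as
    integers, alphabetic ones lexically, alphabetic sorts before numeric, and a
    version with extra trailing segments is newer."""
    ta, tb = _tokens(a), _tokens(b)
    for x, y in zip(ta, tb):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return x < y
        if isinstance(x, int) != isinstance(y, int):
            return isinstance(y, int)
        return x < y
    return len(ta) < len(tb)

def evaluate(report, advisories):
    """Server side: one finding per installed package older than the fixed version."""
    installed = {p["name"]: p["version"] for p in report["packages"]}
    return [{"host": report["host"], "advisory": a["id"], "package": a["package"],
             "installed": installed[a["package"]], "fixed": a["fixed"],
             "critical": a["critical"]}
            for a in advisories
            if a["package"] in installed and version_lt(installed[a["package"]], a["fixed"])]

def needs_csirt_alert(findings):
    """The alert mail is sent only when at least one finding is critical."""
    return any(f["critical"] for f in findings)

if __name__ == "__main__":
    rpt = build_report(platform.node(), collect_packages())
    print(report_to_stdout(rpt))            # what mode 2 hands to the monitoring tool
    findings = evaluate(rpt, SAMPLE_ADVISORIES)
    for f in findings:
        print("finding:", f)
    print("alert CSIRT:", needs_csirt_alert(findings))
```

Run without arguments it prints the stdout-mode report and the server's verdict for the constructed advisories; `send_https` is the direct mode and needs a reachable collector URL. Unknown packages produce no finding, and an exact match with the fixed version is treated as patched.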

4.3 Offline Patch Management

By now there are many kinds of commercial and non-commercial patch management software on the market; however, most of them focus on online systems rather than offline systems.

Nuwa, by contrast, approaches patching in an offline manner.

4.3.1 Nuwa

North Carolina State University in the United States and IBM have invented a new way to update system patches in cloud virtual machines even when those virtual machines are offline.

The new patch management tool they developed is called Nuwa [47]. It not only protects virtual machines from malicious attacks but also ensures that these virtual machines always receive important security upgrades. Nuwa avoids the expensive virtual machine start and stop time; it ensures that when a virtual machine image is ready to be started, it already has the up-to-date patches installed. In addition, the researchers have determined that offline application of security patches is more than four times faster than online patch application.

Current patch management systems are designed for computers that are online, and they do not work for dormant computers. Nuwa automatically analyzes the ‘script’ that dictates how a security patch is installed, and then automatically rewrites the script to make it compatible with an offline system.

Patch scripts are usually written as shell scripts. When patching an offline virtual machine image, the thing that needs care is the set of changes made to the file system inside the image. When presented with a patch, Nuwa first performs safety analysis on the patch scripts included in the original patch. If all scripts are safe, Nuwa uses simple emulation-based patching directly to perform the offline patch. If some scripts are unsafe, Nuwa applies various rewriting techniques to those scripts and performs safety analysis on the rewritten scripts. If the rewriting techniques successfully convert the unsafe scripts into safe ones, Nuwa uses simple emulation-based patching with the rewritten patch to finish the offline patch. Emulation-based patching performs the file replacement actions from another host, referred to as the patch host. The patch host can mount an offline virtual machine image and access it as part of its own file system. Using the chroot [48] system call to change the root file system to the mount point, the patch host can emulate the environment the patch process expects on a running virtual machine and perform the file system actions originally developed for patching a running virtual machine. Figure 4-3 shows the rewriting techniques that Nuwa applies before executing each patch script. Rewriting a script can change the result of safety analysis, so Nuwa reruns safety analysis after applying these techniques.


If safety analysis proves that all command lines in the script are safe, then the rewritten script is executed offline. Otherwise, Nuwa resorts to online patch.

Figure 4-3 Flow of script analysis and rewriting [47].
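To make the analyze / rewrite / re-analyze / decide flow of Figure 4-3 concrete, the following Python program is an added example written for this text; it is not Nuwa's code. The allowlist of file-system-only commands, the single rewrite rule (an offline image runs no daemons, so service control lines become `true`), the line-based shell parsing and the two constructed post-installation scripts are all assumptions of this example, and the program only plans the `chroot` invocation rather than executing it.

```python
"""Illustrative safety analysis and rewriting for offline patch scripts,
following the flow described for Nuwa (not Nuwa's actual rules or code)."""
import os
import re
import shlex

# Assumption: commands that only touch the mounted image's file system, so they can be
# emulated from the patch host under chroot. Anything not listed is treated as unsafe.
OFFLINE_SAFE = {"cp", "mv", "ln", "rm", "mkdir", "chmod", "chown", "install", "touch",
                "sed", "cat", "echo", "test", "[", "true", "exit", "set"}
SHELL_KEYWORDS = {"if", "then", "else", "elif", "fi", "do", "done", "while", "until", "!"}
SEPARATORS = {";", "&&", "||", "|", "&"}
ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")

def commands_in(line):
    """Split one shell line into command word lists, dropping keywords,
    leading VAR=value assignments and comments."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segments, current = [], []
    for tok in lexer:
        if tok in SEPARATORS:
            segments.append(current)
            current = []
        else:
            current.append(tok)
    segments.append(current)
    cmds = []
    for words in segments:
        while words and (words[0] in SHELL_KEYWORDS or ASSIGNMENT.match(words[0])):
            words.pop(0)
        if words:
            cmds.append(words)
    return cmds

def analyze(script):
    """Safety analysis: return (line number, command) for every command that
    cannot be emulated offline. An empty list means the script is safe."""
    unsafe = []
    for n, line in enumerate(script.splitlines(), 1):
        for words in commands_in(line):
            if os.path.basename(words[0]) not in OFFLINE_SAFE:
                unsafe.append((n, " ".join(words)))
    return unsafe

# Assumed rewrite rule: a dormant image has no running daemon to restart, and the
# replaced files are picked up at next boot, so service control becomes a no-op.
DAEMON_CTL = re.compile(r"(?:\S*/)?(?:invoke-rc\.d|service)\s+\S+\s+"
                        r"(?:start|stop|restart|reload|force-reload)\b")
SYSTEMCTL = re.compile(r"(?:\S*/)?systemctl\s+(?:start|stop|restart|reload)\s+\S+")

def rewrite(script):
    """Return the rewritten script and a log of (line, before, after)."""
    out, log = [], []
    for n, line in enumerate(script.splitlines(), 1):
        new = SYSTEMCTL.sub("true", DAEMON_CTL.sub("true", line))
        if new != line:
            log.append((n, line.strip(), new.strip()))
        out.append(new)
    return "\n".join(out) + "\n", log

def plan_offline_patch(script, mount_point):
    """Figure 4-3 flow: analyze; if unsafe, rewrite and analyze again (rewriting
    changes the analysis result); run offline under chroot only if now safe."""
    unsafe, log = analyze(script), []
    if unsafe:
        script, log = rewrite(script)
        unsafe = analyze(script)
    if unsafe:
        return {"mode": "online", "unsafe": unsafe, "rewrites": log, "command": None}
    return {"mode": "offline", "unsafe": [], "rewrites": log,
            "command": ["chroot", mount_point, "/bin/sh", "-e", "-c", script]}

# Constructed sample scripts (hypothetical packages, not real maintainer scripts).
POSTINST_A = """#!/bin/sh
set -e
install -m 0644 /usr/share/openssl/openssl.cnf.new /etc/ssl/openssl.cnf
if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d apache2 restart; fi
"""
POSTINST_B = """#!/bin/sh
set -e
cp /lib/modules/new/foo.ko /lib/modules/current/foo.ko
modprobe foo
"""

if __name__ == "__main__":
    for name, script in (("A", POSTINST_A), ("B", POSTINST_B)):
        plan = plan_offline_patch(script, "/mnt/image-root")
        print(name, plan["mode"], plan["unsafe"], plan["rewrites"])
```

Script A is unsafe as written because of the service restart, becomes safe after the rewrite, and is scheduled to run from the patch host with `chroot` on the mount point. Script B loads a kernel module, which no file-system emulation can reproduce, so the rewrite leaves it unchanged and the plan falls back to online patching, exactly the branch at the bottom of Figure 4-3. Treating unknown commands as unsafe is the conservative choice: a wrong "safe" verdict would silently produce a half-patched image.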

Nuwa utilizes and improves the Mirage [30] techniques developed by IBM for efficient offline introspection and manipulation of a large collection of virtual machine images, which allows cloud administrators to patch multiple virtual machines simultaneously. A program already exists that lets cloud computing systems operate more efficiently by saving one version of a computer file that is used by multiple virtual machines, rather than saving the same file repeatedly for each individual virtual machine.

Nuwa takes advantage of this technology and, by patching one file, can ultimately protect all of the virtual machines that use that file. Figure 4-4 shows the two phases of batch patching via Mirage. Phase 1 performs the loop-invariant operation: Nuwa extracts the patch’s files and imports them into Mirage. The result is a list of content identifiers, one for each file. In phase 2, Nuwa iterates over the images. For each image, Nuwa mounts the image with Vmount, rewrites and executes the pre-installation scripts, emulates the “unpack” step of the package manager (e.g., dpkg) using the Mirage file system attribute to set the contents of the patch’s files, rewrites and executes the post-installation scripts, and checks the modified virtual machine image back in. If script rewriting ever fails to produce a safe script, Nuwa resorts to online patching. North Carolina State University and IBM have successfully tested and evaluated Nuwa on the IBM Research Compute Cloud, a compute cloud used by IBM researchers worldwide.

Figure 4-4 Batch patch virtual machine images via Mirage [47].
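The two-phase batch patch of Figure 4-4 rests on content-addressed storage: a file that several images share is stored once, so pointing every image at the patched file's identifier patches them all. The Python model below is an added example written for this text, not Mirage or Nuwa code; the store layout, the manifest API, the hook callbacks standing in for the rewritten pre/post-installation scripts, and the constructed library bytes are all assumptions.

```python
"""Toy content-addressed image store modelling the batch patch flow of Figure 4-4
(illustrative; not Mirage's or Nuwa's code)."""
import hashlib

class ContentStore:
    """Stores each distinct file body once, keyed by its content identifier."""
    def __init__(self):
        self.blobs = {}  # content id -> bytes

    def put(self, data):
        cid = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(cid, data)  # duplicate bodies cost nothing extra
        return cid

    def get(self, cid):
        return self.blobs[cid]

    def stored_bytes(self):
        return sum(len(b) for b in self.blobs.values())

class ImageManifest:
    """An offline VM image as seen when mounted: path -> (mode, content id)."""
    def __init__(self, name, store, files):
        self.name, self.store = name, store
        self.files = {p: (mode, store.put(data)) for p, (mode, data) in files.items()}

    def set_content(self, path, mode, cid):
        # The emulated "unpack" step: only the reference changes, no bytes are copied.
        self.files[path] = (mode, cid)

    def read(self, path):
        return self.store.get(self.files[path][1])

def import_patch(store, patch_files):
    """Phase 1 (loop-invariant): import the patch's files once; returns
    path -> (mode, content id), one identifier per file."""
    return {path: (mode, store.put(data)) for path, (mode, data) in patch_files.items()}

def batch_patch(images, imported, pre_hook=None, post_hook=None):
    """Phase 2: per image, run the (rewritten) pre-installation scripts, set the
    patch's files by content id, run the post-installation scripts, check in."""
    for img in images:
        if pre_hook:
            pre_hook(img)
        for path, (mode, cid) in imported.items():
            img.set_content(path, mode, cid)
        if post_hook:
            post_hook(img)
    return [img.name for img in images]

def bytes_without_dedup(images):
    """What the same images would occupy if every image kept its own copy."""
    return sum(len(img.read(p)) for img in images for p in img.files)

# Constructed sample file bodies (not real library contents).
OLD_LIB = b"libssl.so.1.0.0 build 16 (constructed, vulnerable)"
NEW_LIB = b"libssl.so.1.0.0 build 30 (constructed, fixed)"
LIB_PATH = "/usr/lib/libssl.so.1.0.0"

def demo(image_count=3):
    store = ContentStore()
    images = [ImageManifest(f"vm-{i}", store,
                            {LIB_PATH: (0o644, OLD_LIB),
                             "/etc/hostname": (0o644, f"vm-{i}\n".encode())})
              for i in range(image_count)]
    imported = import_patch(store, {LIB_PATH: (0o644, NEW_LIB)})
    touched = []
    patched = batch_patch(images, imported,
                          pre_hook=lambda img: touched.append(("pre", img.name)),
                          post_hook=lambda img: touched.append(("post", img.name)))
    return {"patched": patched, "images": images, "store": store, "hooks": touched,
            "lib_cids": {img.files[LIB_PATH][1] for img in images},
            "dedup_bytes": store.stored_bytes(),
            "naive_bytes": bytes_without_dedup(images)}

if __name__ == "__main__":
    d = demo()
    print("patched:", d["patched"], "distinct libssl ids:", len(d["lib_cids"]))
    print("store bytes:", d["dedup_bytes"], "vs per-image copies:", d["naive_bytes"])
```

After `batch_patch`, every image's `libssl` entry points at the same single identifier produced in phase 1, and the hooks run in pre/post order once per image. The old library body stays in the store here because garbage collection is not modelled; the saving still shows because the new body is stored once no matter how many images reference it.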

As a result, Nuwa is a novel tool that enables efficient patching of offline virtual machine images. It uses safety analysis and script rewriting techniques to convert patches, or more specifically the installation scripts contained in patches, which were originally developed for online updating, into a form that can be applied to virtual machine images offline. This advantage is useful for improving the security patching of virtual machine images, whether online or offline.
