vPatcher: VMI-Based Transparent Data Patching to Secure Software in the Cloud

2014 
Quick defense against the spread of software exploits is an important problem, and hot patching is an attractive approach to it. However, existing hot-patching approaches do not adapt well to the cloud, which raises new challenges for protecting software; among them, transparency and rapid deployment are two distinct requirements. In this paper, we propose vPatcher, a transparent data patching technique based on Virtual Machine Introspection (VMI). vPatcher uses the hypervisor, deployed outside the virtual machines, to monitor the network connections of vulnerable programs in the protected guest systems without disturbing those guests. Given the vulnerability signatures, vPatcher intercepts network packets, identifies the vulnerable processes they are destined for by reconstructing fine-grained system semantics (process states together with their corresponding network connections), matches the packets against the vulnerability signatures of those processes, and finally filters out exploits. We evaluated the technique on several widely used real-world vulnerable programs; the experimental results show that it is effective and that its overhead is acceptable. The experiments also show that it is transparent to guest systems and suitable for rapid deployment on cloud platforms.
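The pipeline the abstract describes (intercept a packet, map its destination to a guest process via the VMI-reconstructed connection table, check whether that process runs a vulnerable version, apply the signature, drop on match) can be modelled in a few dozen lines. The following is an added illustration, not the authors' vPatcher code: the connection table stands in for what a real VMI layer would reconstruct from guest kernel structures, and the signature identifiers, program names, versions and payload shape checks are all constructed for the example.

```python
"""Toy model of the vPatcher decision path (added example, not the paper's code).

Assumptions (constructed for this illustration):
  - CONNECTION_TABLE is what the VMI layer would reconstruct from the guest:
    listening port -> owning process (pid, program name, version).
  - Signatures are scoped to a program and the last version still affected,
    and carry a predicate over the raw payload (generic shape checks here).
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class GuestProcess:
    """A guest process as reconstructed through VMI (pid, name, version)."""
    pid: int
    name: str
    version: str


@dataclass(frozen=True)
class Signature:
    """Vulnerability signature: which program/versions it applies to and
    a predicate that flags a payload."""
    sig_id: str                        # placeholder id, not a real CVE
    program: str
    last_vulnerable: str               # highest version still affected
    matches: Callable[[bytes], bool]


def version_key(v: str) -> Tuple[int, ...]:
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def is_vulnerable(proc: GuestProcess, sig: Signature) -> bool:
    """A signature applies only to the named program at or below the
    last vulnerable version; patched versions pass untouched."""
    return (proc.name == sig.program
            and version_key(proc.version) <= version_key(sig.last_vulnerable))


# Constructed connection table (port -> process), standing in for VMI output.
CONNECTION_TABLE: Dict[int, GuestProcess] = {
    80: GuestProcess(1021, "httpd", "1.2.3"),
    21: GuestProcess(1102, "ftpd", "2.1.0"),
}

# Constructed signatures: an over-long request line for the web server,
# an over-long USER command for the FTP server.
SIGNATURES: List[Signature] = [
    Signature("SIG-EXAMPLE-1", "httpd", "1.2.4",
              lambda p: any(len(line) > 256 for line in p.split(b"\r\n"))),
    Signature("SIG-EXAMPLE-2", "ftpd", "2.0.9",
              lambda p: re.search(rb"^USER [^\r\n]{128,}", p, re.M) is not None),
]


def inspect_packet(dst_port: int, payload: bytes,
                   table: Dict[int, GuestProcess] = CONNECTION_TABLE,
                   sigs: List[Signature] = SIGNATURES) -> Tuple[str, str]:
    """Return ('pass'|'drop', reason) for one inbound packet.

    Packets to ports without a monitored process are passed through;
    packets to a vulnerable process are dropped only on a signature match.
    """
    proc = table.get(dst_port)
    if proc is None:
        return "pass", f"port {dst_port}: no monitored process"
    for sig in sigs:
        if is_vulnerable(proc, sig) and sig.matches(payload):
            return "drop", (f"{sig.sig_id} matched for {proc.name} "
                            f"{proc.version} (pid {proc.pid})")
    return "pass", f"{proc.name} {proc.version} (pid {proc.pid}): no match"


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        (80, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
        (80, b"GET / HTTP/1.1\r\nHost: " + b"A" * 300 + b"\r\n\r\n"),
        (21, b"USER " + b"A" * 200 + b"\r\n"),   # ftpd 2.1.0 is not vulnerable
        (443, b"\x16\x03\x01"),                   # no monitored process
    ]
    for port, data in samples:
        verdict, why = inspect_packet(port, data)
        print(f"port {port}: {verdict} ({why})")
```

The third sample shows the version check doing its job: the FTP payload matches the signature's shape, but the guest runs a version newer than the last vulnerable one, so the packet is passed rather than dropped. That scoping is what keeps a data patch from turning into a blanket protocol filter, and it depends entirely on the VMI layer reporting the right process and version for each connection.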