When major vulnerabilities like Shellshock arise, patching the problem is often only half the battle. Far more important is the need for every user to update their system. At the time of Shellshock, there were up to a hundred million machines vulnerable to attack. The upgrade that solved the problem could have taken anywhere from 10 seconds to the weeks it took Apple to riddle out its security problems. In addition, users are often not likely to want to install updates, as they are often long, data heavy, and necessitate long periods of shutdown or other inconveniences.

We aim to change that. Our framework uses a unique form of suffix sort to achieve something called binary differentiation. This allows us to ship updates in the form of only the binary code that needs to be changed. As a result, the size of updates and their load on network traffic shrinks significantly. (We estimate by a possible factor of 10.) In addition, the update process consists entirely of byte-wise subtraction, a fast and comparatively inexpensive operation that allows updates to occur in fractions of a second, and when timed well, being completely invisible to the user and having no effect on their activities.

Share this project: