Abstract
Software fixes, patches and updates are issued periodically to extend the functional life cycle of software products. To facilitate the prompt notification, delivery, and installation of updates, the software industry has responded with update and patch management systems. Because of the proprietary nature of these systems, improvement efforts by academic researchers are greatly restricted. One way to increase our understanding of the underlying components and processes is architectural recovery. One contribution to recreating an architecture is the examination of design specification literature, such as patents. If a sizeable number of similar and hopefully diverse patents can be examined, then some general conclusions about the components and processes of existing systems may be formulated. In this paper, we present an analytic framework consisting of a five-phase protocol taxonomy based on thirty-three software-based update and patch management system patents and patent applications. Furthermore, we present a decomposition of the security design provisions contained within the patent literature, and provide some general trends derived from the data. We suggest that this research may be used to improve the security services aspect of update and patch management system products.
© 2004 Springer Science + Business Media, Inc.
Cite this paper
Colarik, A., Thomborson, C., Janczewski, L. (2004). Update/Patch Management Systems. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Information Security Management, Education and Privacy. IFIP International Federation for Information Processing, vol 148. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8145-6_5
DOI: https://doi.org/10.1007/1-4020-8145-6_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8144-6
Online ISBN: 978-1-4020-8145-3
eBook Packages: Springer Book Archive