Author manuscript, published in "4th AOSD Workshop on Aspects Components and Patterns for Infrastucture Software (2005)"Software security patchesAudit, deployment and hot updateNicolas Loriant, Marc Segur´ a-Devillechaise, Jean-Marc MenaudObasco Group´Ecole des Mines de Nantes, INRIA4 rue Alfred Kastler44307 Nantes, Francenloriant,msegura,jmenaud@emn.frABSTRACT their network e cien tly. Our framework is based on twotools, Minerve and Arachne [13]. The rst reduces the timeDue to its ever growing complexity, software is and will prob-ably never be 100% bug-free and secure. Therefore in most spent to audit and to adapt the patch by translating regularpatches into aspect source code. The second is a dynamiccases, software companies publish updates regularly. For thelack of time or care, or maybe because stopping an applica- weaver that deploys the translated patches on the y freeingadministrators from the hassle of negotiating with users.tion is annoying, such updates are rarely, if ever, deployedon users’ machines.This paper is organized as follows: section 2 describes aglobal view of our framework and shows how it integratesWe propose an integrated tool allowing system administra-tors to deploy critical security updates on the y on appli- itself in the usual patch deployment process. Sections 3 and4 present Minerve and Arachne respectively. Section 5 sum-cations running remotely and without the intervention ofthe end-user. Our approach is based on ...