
Live Patching of Virtual Machines with Limited Guest Support

Description:

OBJECTIVE: This topic seeks to advance the state of the art towards being able to apply patches to a running guest virtual machine directly from the hypervisor without specialized software running on the guest.

DESCRIPTION: Patch management plays an important role in ensuring the overall security posture of machines. Traditionally, enterprise-level patch management is conducted through the use of privileged end-point software that runs on the managed system. The patches and configuration changes can then be pushed to the end-points from a central server. Patch management in Cloud Computing essentially follows the same concept, where the same end-point software is installed onto the virtual machines. This same paradigm is used even for dormant virtual machine images that are not running [1,2]. Given the advancement of virtual machine introspection [3] techniques for digital forensics and malware analysis [4,5], there is an opportunity to investigate the ability to apply patches to a live virtual machine with limited or no guest support. In this manner, critical, user-managed, misconfigured or malfunctioning virtual machines can still receive critical patches or configuration updates. This topic seeks to advance the state of the art towards being able to apply patches to a running guest virtual machine directly from the hypervisor without specialized software running on the guest. The proposed solution needs to have a sound argument for, and evidence to support, the notion that the patch will be applied and the guest will not be rendered unstable. Additional metrics, such as the kind or type of patches that can be applied or the size of a guest module (if one is needed), should also be proposed where applicable.

PHASE I: Define the type or kind of patches that can be applied to a live virtual machine and a technique for patching. Develop and demonstrate live patching on a proof-of-concept prototype.

PHASE II: Develop the prototype designed during Phase I and test it against the proposed metrics. Demonstrate live patching of virtual machines from the hypervisor using real-world patches on COTS systems. Prepare for commercialization.

PHASE III DUAL USE APPLICATIONS: Work with the DoD to demonstrate that the prototype developed during Phase II can also be applied to DoD systems and software. Further demonstrate the capability through multiple Guest Operating System platforms, e.g., Windows 7, Ubuntu Linux, etc.
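The topic asks for a sound argument that a hypervisor-applied patch lands correctly and does not destabilize the guest. The following is an added illustration, not code from this topic or from any proposer, of what such an argument looks like when written as explicit preconditions: the guest must be paused, every page the patch touches must be reachable, the target bytes must match the expected pre-image (so the patch is neither applied to the wrong version nor applied twice), no vCPU may be executing inside the rewritten range, and the write is verified and rolled back on failure. The guest, its page map, the vCPU instruction pointers, and all addresses and byte values are constructed stand-ins for what a real introspection layer would provide.

```python
"""Hypervisor-side live-patch applier, run against a simulated guest.

Everything here is constructed for illustration: the guest is a bytearray
standing in for guest memory, the set of "mapped" pages stands in for pages
the introspection layer can actually reach, and the vCPU instruction
pointers are plain integers. Addresses and byte values are made up and do
not correspond to any real binary.
"""
from dataclasses import dataclass

PAGE = 0x1000


@dataclass(frozen=True)
class Patch:
    vaddr: int   # guest virtual address of the code/data to replace
    old: bytes   # bytes the guest is expected to hold there right now
    new: bytes   # replacement bytes; same length, so no relocation is needed


class PatchError(Exception):
    """Raised when a precondition fails; the guest is left untouched."""


class GuestMemory:
    """Stand-in for a hypervisor's read/write access to a paused guest."""

    def __init__(self, size: int):
        self.mem = bytearray(size)
        self.mapped_pages: set[int] = set()  # page bases the hypervisor can reach
        self.vcpu_rip: list[int] = []        # instruction pointer of each vCPU
        self.paused = False

    def read(self, addr: int, n: int) -> bytes:
        return bytes(self.mem[addr:addr + n])

    def write(self, addr: int, data: bytes) -> None:
        self.mem[addr:addr + len(data)] = data


def check_preconditions(guest: GuestMemory, patch: Patch) -> None:
    """The stability argument: every check must pass before a byte is written."""
    if len(patch.old) != len(patch.new):
        raise PatchError("old/new length mismatch")
    if not guest.paused:
        raise PatchError("guest not paused")
    end = patch.vaddr + len(patch.new)
    # Every page the patch touches must be present; a patch that straddles
    # a boundary into a paged-out page cannot be written atomically.
    for page in range(patch.vaddr & ~(PAGE - 1), end, PAGE):
        if page not in guest.mapped_pages:
            raise PatchError(f"page {page:#x} not mapped")
    current = guest.read(patch.vaddr, len(patch.old))
    if current == patch.new:
        raise PatchError("already applied")
    if current != patch.old:
        # Wrong guest version, or something else already rewrote this code.
        raise PatchError("pre-image mismatch")
    for i, rip in enumerate(guest.vcpu_rip):
        if patch.vaddr <= rip < end:
            raise PatchError(f"vCPU {i} executing inside {patch.vaddr:#x}-{end:#x}")


def apply_patch(guest: GuestMemory, patch: Patch) -> str:
    """Apply one patch and verify it; roll back if verification fails."""
    check_preconditions(guest, patch)
    guest.write(patch.vaddr, patch.new)
    if guest.read(patch.vaddr, len(patch.new)) != patch.new:
        guest.write(patch.vaddr, patch.old)
        raise PatchError("post-write verification failed, rolled back")
    return "applied"


# Constructed scenarios (made-up addresses and bytes).
PATCH_OK = Patch(0x1040, b"\x90" * 4, b"\x31\xc0\xc3\x90")
PATCH_BUSY = Patch(0x2000, b"\x90" * 4, b"\xcc" * 4)       # a vCPU sits at 0x2001
PATCH_UNMAPPED = Patch(0x2ffe, b"\x90" * 4, b"\xcc" * 4)   # straddles into page 0x3000


def build_demo_guest() -> GuestMemory:
    g = GuestMemory(0x4000)
    g.mapped_pages = {0x1000, 0x2000}          # page 0x3000 is "paged out"
    for p in (PATCH_OK, PATCH_BUSY, PATCH_UNMAPPED):
        g.write(p.vaddr, p.old)                # guest holds the expected pre-image
    g.vcpu_rip = [0x2001, 0x1800]
    g.paused = True
    return g


def run_demo() -> dict[str, str]:
    """Run four scenarios against one guest; return the outcome of each."""
    g = build_demo_guest()
    results = {}
    for name, patch in (("ok", PATCH_OK), ("again", PATCH_OK),
                        ("busy", PATCH_BUSY), ("unmapped", PATCH_UNMAPPED)):
        try:
            results[name] = apply_patch(g, patch)
        except PatchError as e:
            results[name] = str(e)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:9s} -> {outcome}")
```

The pre-image check is what ties the patch to a specific guest version without any agent inside the guest reporting it, and the vCPU range check is the minimum needed to argue that no thread resumes in the middle of half-rewritten code. A real implementation would add the metrics the topic asks for, such as the classes of patch (same-size code replacement, as here, versus patches that need a trampoline or relocation) that the technique can safely handle.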