Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants

Publication: Contribution to book/report/anthology/conference proceedings, conference paper, research, peer-reviewed

Authors

  • Tobias Landsberg
  • Christian Dietrich
  • Daniel Lohmann

External organisations

  • Technische Universität Braunschweig

Details

Original language: English
Title of host publication: 28th ACM International Systems and Software Product Line Conference, Proceedings
Subtitle: SPLC 2024
Editors: Maxime Cordy, Daniel Struber, Daniel Struber, Monica Pinto, Iris Groher, Deepak Dhungana, Jacob Kruger, Juliana Alves Pereira, Mathieu Acher, Thomas Thum, Thomas Thum, Maurice H. ter Beek, Jessie Galasso-Carbonnel, Paolo Arcaini, Mohammad Reza Mousavi, Xhevahire Ternava, Jose A. Galindo, Tao Yue, Lidia Fuentes, Jose Miguel Horcas
Pages: 12-23
Number of pages: 12
ISBN (electronic): 9798400705939
Publication status: Published - 2 Sept. 2024
Event: 28th ACM International Systems and Software Product Line Conference, SPLC 2024 - Dommeldange, Luxembourg
Duration: 2 Sept. 2024 to 6 Sept. 2024

Publication series

Name: ACM International Conference Proceeding Series

Abstract

In the face of critical security vulnerabilities, patch and update management are a crucial and challenging part of the software life cycle. In software product families, patching becomes even more challenging as we have to support different variants, which are not equally affected by critical patches. While the naive “better-patched-than-sorry” approach will apply all necessary updates, it provokes avoidable costs for developers and customers. In this paper we introduce SiB (Should I Bother?), a heuristic patch-filtering method for statically-configurable software that efficiently identifies irrelevant patches for specific variants. To solve the variability-aware patch-filtering problem, SiB compares modified line ranges from patches with those source-code ranges included in variants currently deployed. We apply our prototype for CPP-managed variability to four open-source projects (Linux, OpenSSL, SQLite, Bochs), demonstrating that SiB is both effective and efficient in reducing the number of to-be-considered patches for unaffected software variants. It correctly classifies up to 68 percent of variants as unaffected, with a recall of 100 percent, thus reducing deployments significantly, without missing any relevant patches.

Cite

Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants. / Landsberg, Tobias; Dietrich, Christian; Lohmann, Daniel.
28th ACM International Systems and Software Product Line Conference, Proceedings: SPLC 2024. Ed. / Maxime Cordy; Daniel Struber; Daniel Struber; Monica Pinto; Iris Groher; Deepak Dhungana; Jacob Kruger; Juliana Alves Pereira; Mathieu Acher; Thomas Thum; Thomas Thum; Maurice H. ter Beek; Jessie Galasso-Carbonnel; Paolo Arcaini; Mohammad Reza Mousavi; Xhevahire Ternava; Jose A. Galindo; Tao Yue; Lidia Fuentes; Jose Miguel Horcas. 2024. pp. 12-23 (ACM International Conference Proceeding Series).

Landsberg, T, Dietrich, C & Lohmann, D 2024, Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants. in M Cordy, D Struber, D Struber, M Pinto, I Groher, D Dhungana, J Kruger, J Alves Pereira, M Acher, T Thum, T Thum, MH ter Beek, J Galasso-Carbonnel, P Arcaini, MR Mousavi, X Ternava, JA Galindo, T Yue, L Fuentes & JM Horcas (eds.), 28th ACM International Systems and Software Product Line Conference, Proceedings: SPLC 2024. ACM International Conference Proceeding Series, pp. 12-23, 28th ACM International Systems and Software Product Line Conference, SPLC 2024, Dommeldange, Luxembourg, 2 Sept. 2024. https://doi.org/10.1145/3646548.3672585
Landsberg, T., Dietrich, C., & Lohmann, D. (2024). Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants. In M. Cordy, D. Struber, D. Struber, M. Pinto, I. Groher, D. Dhungana, J. Kruger, J. Alves Pereira, M. Acher, T. Thum, T. Thum, M. H. ter Beek, J. Galasso-Carbonnel, P. Arcaini, M. R. Mousavi, X. Ternava, J. A. Galindo, T. Yue, L. Fuentes, & J. M. Horcas (eds.), 28th ACM International Systems and Software Product Line Conference, Proceedings: SPLC 2024 (pp. 12-23). (ACM International Conference Proceeding Series). https://doi.org/10.1145/3646548.3672585
Landsberg T, Dietrich C, Lohmann D. Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants. in Cordy M, Struber D, Struber D, Pinto M, Groher I, Dhungana D, Kruger J, Alves Pereira J, Acher M, Thum T, Thum T, ter Beek MH, Galasso-Carbonnel J, Arcaini P, Mousavi MR, Ternava X, Galindo JA, Yue T, Fuentes L, Horcas JM, eds., 28th ACM International Systems and Software Product Line Conference, Proceedings: SPLC 2024. 2024. pp. 12-23. (ACM International Conference Proceeding Series). doi: 10.1145/3646548.3672585
Landsberg, Tobias ; Dietrich, Christian ; Lohmann, Daniel. / Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants. 28th ACM International Systems and Software Product Line Conference, Proceedings: SPLC 2024. Ed. / Maxime Cordy ; Daniel Struber ; Daniel Struber ; Monica Pinto ; Iris Groher ; Deepak Dhungana ; Jacob Kruger ; Juliana Alves Pereira ; Mathieu Acher ; Thomas Thum ; Thomas Thum ; Maurice H. ter Beek ; Jessie Galasso-Carbonnel ; Paolo Arcaini ; Mohammad Reza Mousavi ; Xhevahire Ternava ; Jose A. Galindo ; Tao Yue ; Lidia Fuentes ; Jose Miguel Horcas. 2024. pp. 12-23 (ACM International Conference Proceeding Series).
@inproceedings{0519c4f1c8f6496fb311d28488f69508,
title = "Should I Bother?: Fast Patch Filtering for Statically-Configured Software Variants",
keywords = "Patch Filtering, Software Evolution, Software Product Lines",
author = "Tobias Landsberg and Christian Dietrich and Daniel Lohmann",
note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 28th ACM International Systems and Software Product Line Conference, SPLC 2024 ; Conference date: 02-09-2024 Through 06-09-2024",
year = "2024",
month = sep,
day = "2",
doi = "10.1145/3646548.3672585",
language = "English",
series = "ACM International Conference Proceeding Series",
pages = "12--23",
editor = "Maxime Cordy and Daniel Struber and Daniel Struber and Monica Pinto and Iris Groher and Deepak Dhungana and Jacob Kruger and {Alves Pereira}, Juliana and Mathieu Acher and Thomas Thum and Thomas Thum and {ter Beek}, {Maurice H.} and Jessie Galasso-Carbonnel and Paolo Arcaini and Mousavi, {Mohammad Reza} and Xhevahire Ternava and Galindo, {Jose A.} and Tao Yue and Lidia Fuentes and Horcas, {Jose Miguel}",
booktitle = "28th ACM International Systems and Software Product Line Conference, Proceedings",

}

TY - GEN

T1 - Should I Bother?

T2 - 28th ACM International Systems and Software Product Line Conference, SPLC 2024

AU - Landsberg, Tobias

AU - Dietrich, Christian

AU - Lohmann, Daniel

N1 - Publisher Copyright: © 2024 Copyright held by the owner/author(s).

PY - 2024/9/2

Y1 - 2024/9/2

KW - Patch Filtering

KW - Software Evolution

KW - Software Product Lines

UR - http://www.scopus.com/inward/record.url?scp=85203839201&partnerID=8YFLogxK

U2 - 10.1145/3646548.3672585

DO - 10.1145/3646548.3672585

M3 - Conference contribution

AN - SCOPUS:85203839201

T3 - ACM International Conference Proceeding Series

SP - 12

EP - 23

BT - 28th ACM International Systems and Software Product Line Conference, Proceedings

A2 - Cordy, Maxime

A2 - Struber, Daniel

A2 - Struber, Daniel

A2 - Pinto, Monica

A2 - Groher, Iris

A2 - Dhungana, Deepak

A2 - Kruger, Jacob

A2 - Alves Pereira, Juliana

A2 - Acher, Mathieu

A2 - Thum, Thomas

A2 - Thum, Thomas

A2 - ter Beek, Maurice H.

A2 - Galasso-Carbonnel, Jessie

A2 - Arcaini, Paolo

A2 - Mousavi, Mohammad Reza

A2 - Ternava, Xhevahire

A2 - Galindo, Jose A.

A2 - Yue, Tao

A2 - Fuentes, Lidia

A2 - Horcas, Jose Miguel

Y2 - 2 September 2024 through 6 September 2024

ER -