Runtime software patching aims to minimize or eliminate service downtime, user interruptions and potential data losses while deploying a patch. Due to modern software systems' high variance and heterogeneity, no universal solutions are available or proposed to deploy and execute patches at runtime. Existing runtime software patching solutions focus on specific cases, scenarios, programming languages and operating systems. This paper aims to identify, investigate and synthesize state-of-the-art runtime software patching approaches and gives an overview of currently unsolved challenges. It further provides insights on multiple aspects of runtime patching approaches such as patch scales, general strategies and responsibilities. This study identifies seven levels of granularity, two key strategies providing a conceptual model of three responsible entities and four capabilities of runtime patching solutions. Through the analysis of the existing literature, this research also reveals open issues hindering more comprehensive adoption of runtime patching in practice. Finally, it proposes several crucial future directions that require further attention from both researchers and practitioners.
翻译:运行时软件补丁的目的是在部署补丁时尽量减少或消除服务性故障、用户中断和潜在数据损失。由于现代软件系统差异和差异很大,没有通用的解决方案可用或拟议在运行时部署和执行补丁;现有的运行时软件补丁解决方案侧重于具体案例、假设情景、编程语言和操作系统;本文件旨在查明、调查和综合最新运行时软件补补补办法,并概述目前尚未解决的挑战;进一步介绍了运行时补丁方法的多个方面,如补丁尺度、一般战略和职责等。本研究报告确定了7个颗粒等级,两个关键战略提供了3个负责实体的概念模型和4个运行时补丁解决方案能力。通过对现有文献的分析,本研究报告还揭示了阻碍更全面地采用运行时补补补办法的未决问题。最后,它提出了需要研究人员和从业人员进一步关注的未来几个关键方向。