Methods and apparatus for patching software in accordance with instituted patching policies
Abstract
Techniques are disclosed for controlling software patching activity. Techniques may implement a software shell and institute a patching policy to control patching activities. When implemented, the software shell acts as a barrier that permits patching of the underlying software only when the patching activity would be in accordance with the instituted patching policy. Various patching policies can be instituted. Patching may be performed when convenient, or just before the software requiring the patch is needed, or it may be blocked to prevent unwanted software characteristics and/or behavior. Patching may be delayed until confidence has been established in a new patch so as to avoid disrupting a computer system that is already functioning in an acceptable manner. A particular software action may be blocked so as to avoid the necessity of having to patch software, particularly when the action may interrupt the orderly function of a computer system.
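The control flow recited in claim 1 (capture the entry point's identity and arguments, compare them to the active syndromes, install the matching patch, then make the call), combined with the policy choices listed in the abstract, shown as an added Python example that is not taken from the patent. The class names, the policy values "install", "defer" and "block", the "defer" default and the toy Codec component with its patch "P-1" are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Any, Callable

@dataclass
class Syndrome:
    entry_point: str                         # identity of the API entry point
    matches: Callable[[tuple, dict], bool]   # predicate over the captured arguments
    patch_id: str                            # patch that fixes this behaviour

class BlockedCall(Exception):
    """Policy chose to refuse the call rather than patch the component."""

@dataclass
class PatchControlShell:
    component: Any
    policy: dict      # patch_id -> "install" | "defer" | "block" (names assumed)
    syndromes: list   # active syndromes for this component
    patches: dict     # patch_id -> callable(component) applying the fix
    log: list = field(default_factory=list)

    def call(self, entry_point, *args, **kwargs):
        for s in list(self.syndromes):
            if s.entry_point != entry_point or not s.matches(args, kwargs):
                continue
            action = self.policy.get(s.patch_id, "defer")  # assumed default
            self.log.append((entry_point, s.patch_id, action))
            if action == "block":
                raise BlockedCall(f"{entry_point} blocked pending {s.patch_id}")
            if action == "install":
                self.patches[s.patch_id](self.component)   # patch first...
                self.syndromes.remove(s)                   # ...syndrome now inactive
        # ...then make the original call to the real entry point
        return getattr(self.component, entry_point)(*args, **kwargs)

class Codec:  # constructed toy component with a constructed defect
    def decode(self, data: bytes) -> str:
        return data.decode("ascii", errors="ignore")  # silently drops non-ASCII

def patch_utf8(component):  # constructed patch "P-1"
    component.decode = lambda data: data.decode("utf-8")

def run(action: str, data: bytes):
    syndromes = [Syndrome("decode", lambda a, k: any(b > 0x7F for b in a[0]), "P-1")]
    shell = PatchControlShell(Codec(), {"P-1": action}, syndromes, {"P-1": patch_utf8})
    try:
        result = shell.call("decode", data)
    except BlockedCall:
        result = None
    return result, shell.log, len(shell.syndromes)
```

The shell's log records every syndrome match and the policy decision taken, which gives an audit trail of when a patch was installed, deferred or avoided by blocking the call.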
29 Claims
1. A storage medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus of an electronic device to perform operations for controlling software patching activities, the operations comprising:
implementing a software patch control shell for controlling patching activities associated with a system component implemented at least in part via software comprising an application programming interface, the system component incorporated in the electronic device, the software patch control shell comprising one or more entry points of the application programming interface;
instituting a software patching policy to be used by the software patch control shell for controlling software patching activities; and
applying the software patching policy as potential software patching opportunities occur, wherein applying further comprises the software patch control shell performing the following;
monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component;
in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A storage medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus of an electronic device to perform operations for instituting and controlling a software patching policy, the operations comprising:
instituting a software patching policy to be used by electronic devices accessible over a network;
making a software patch control shell available to the electronic devices over the network, the software patch control shell to be installed by the electronic devices incorporating a system component implemented at least in part via software comprising an application programming interface, the software patch control shell configured to comprise one or more entry points of the application programming interface;
making the software patching policy available to the electronic devices over the network, and the software patch control shell is configured to perform;
monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component; and
in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface;
monitoring a source of software patches;
examining a particular patch issued by the source of software patches to determine whether the patch is permitted under the software patching policy; and
issuing an advisory message to the electronic devices over the network indicating circumstances in which the particular patch issued by the source of software patches should be implemented.
Dependent claims: 12, 13, 14
15. A system for managing software patching activity, the system comprising a software patching activity manager, the software patching activity manager comprising:
at least one memory to store at least one program of machine-readable instructions, where the at least one program performs operations for instituting and controlling a software patching policy;
a network interface for use in communicating over a network with a source of software patches and with electronic devices subject to the software patching policy;
at least one processor coupled to the at least one memory and network interface, where the at least one processor performs at least the following operations when the at least one program is executed;
creating a software patching policy to be used by the electronic devices;
making a software patch control shell available to the electronic devices over the network, the software patch control shell to be installed by the electronic devices incorporating a system component implemented at least in part via software comprising an application programming interface, the software patch control shell configured to comprise one or more entry points of the application programming interface; and
issuing the software patching policy to the electronic devices through the network interface, and the software patch control shell is configured to perform;
monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component; and
in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23
24. An apparatus, comprising:
at least one memory to store at least one program of machine-readable instructions;
at least one processor coupled to the at least one memory, where the at least one processor performs at least the following operations when the at least one program is executed;
implementing a software patch control shell for controlling patching activities associated with a system component implemented at least in part via software comprising an application programming interface, the system component incorporated in the electronic device, the software patch control shell comprising one or more entry points of the application programming interface;
instituting a software patching policy to be used by the software patch control shell for controlling software patching activities; and
applying the software patching policy as potential software patching opportunities occur, wherein applying further comprises the software patch control shell performing the following;
monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component; and
in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.
Dependent claims: 25, 26, 27, 28, 29
Specification