Methods and apparatus for patching software in accordance with instituted patching policies

US 8,271,966 B2
Filed: 06/05/2008
Issued: 09/18/2012
Est. Priority Date: 01/17/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A storage medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus of an electronic device to perform operations for controlling software patching activities, the operations comprising:

implementing a software patch control shell for controlling patching activities associated with a system component implemented at least in part via software comprising an application programming interface, the system component incorporated in the electronic device, the software patch control shell comprising one or more entry points of the application programming interface;

instituting a software patching policy to be used by the software patch control shell for controlling software patching activities; and

applying the software patching policy as potential software patching opportunities occur, wherein applying further comprises the software patch control shell performing the following;

monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;

determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component;

in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for controlling software patching activity. Techniques may implement a software shell and institute a patching policy to control patching activities. When implemented, the software shell acts as a barrier which permits patching of the underlying software only when the patching activity would be in accordance with the instituted patching policy. Various patching policies can be instituted. Patching may be performed when convenient; or just before when the software requiring the patch is needed; or patching may be blocked to prevent unwanted software characteristics and/or behavior. Patching may be delayed until confidence has been established in a new patch so as to avoid disrupting a computer system that is already functioning in an acceptable manner. A particular software action may be blocked so as to avoid the necessity of having to patch software, particularly when the action may interrupt the orderly function of a computer system.

29 Citations

View as Search Results

29 Claims

1. A storage medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus of an electronic device to perform operations for controlling software patching activities, the operations comprising:
- implementing a software patch control shell for controlling patching activities associated with a system component implemented at least in part via software comprising an application programming interface, the system component incorporated in the electronic device, the software patch control shell comprising one or more entry points of the application programming interface;
  
  instituting a software patching policy to be used by the software patch control shell for controlling software patching activities; and
  
  applying the software patching policy as potential software patching opportunities occur, wherein applying further comprises the software patch control shell performing the following;
  
  monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
  
  determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component;
  
  in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The storage medium of claim 1 wherein the software patching policy allows a particular software patch to be installed only if it is established that a user of the electronic device actually uses a software feature that requires the particular patch.
  - 3. The storage medium of claim 1 wherein the software patching policy allows a particular software patch to be installed only at a time that is convenient for a user of the electronic device.
  - 4. The storage medium of claim 1 wherein the software patching policy allows a particular patch to be installed only at a time when a user of the electronic device has indicated that a software feature which requires the particular software patch will be used for a first time since the particular patch became available.
  - 5. The storage medium of claim 1 where the software patching policy is instituted on a category basis, wherein certain categories of software patches will be installed and certain categories of software patches will be blocked.
  - 6. The storage medium of claim 1 where the operations further comprise:
    - receiving information that a particular patch which is otherwise desirable has a deleterious effect on operations of the electronic device only when a particular software feature is used;
      
      permitting installation of the particular patch; and
      
      blocking use of the particular software feature which causes the deleterious effect when using software which has installed the particular patch.
  - 7. The storage medium of claim 1, wherein the software patch control shell further performs the following:
    - in response to a second particular call matching a second syndrome, determining if a policy indicates one of a patch should be installed, the second particular call should be blocked, or the second particular call should be performed;
      
      in response to the policy indicating the patch should be installed, installing the patch corresponding to the second syndrome and, after the patch, making the second particular call to the entry point of the application programming interface;
      
      in response to the policy indicating the second particular call should be blocked, blocking the second particular call to the entry point of the application programming interface; and
      
      in response to the policy indicating the second particular call should be performed, performing the second particular call without installing the patch corresponding to the second syndrome.
  - 8. The storage medium of claim 1, wherein the software patch control shell comprises all of the entry points to the application programming interface of the system component.
  - 9. The storage medium of claim 1, wherein the syndrome comprises a name of a particular entry point and one or more values of arguments passed through a particular entry point, the monitoring further comprises capturing names of the one or more entry points and values of arguments passed through the one or more entry points, and wherein determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists further comprises determining whether any of the captured names match the name of the particular entry point and whether captured one or more values of the arguments match corresponding one or more values of the arguments passed through the particular entry point.
  - 10. The storage medium of claim 1, wherein monitoring particular calls further comprise monitoring only some of the entry points to the application programming interface and not monitoring others of the entry points to the application programming interface.

11. A storage medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus of an electronic device to perform operations for instituting and controlling a software patching policy, the operations comprising:
- instituting a software patching policy to be used by electronic devices accessible over a network;
  
  making a software patch control shell available to the electronic devices over the network, the software patch control shell to be installed by the electronic devices incorporating a system component implemented at least in part via software comprising an application programming interface, the software patch control shell configured to comprise one or more entry points of the application programming interface;
  
  making the software patching policy available to the electronic devices over the network, and the software patch control shell is configured to perform;
  
  monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
  
  determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component; and
  
  in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface;
  
  monitoring a source of software patches;
  
  examining a particular patch issued by the source of software patches to determine whether the patch is permitted under the software patching policy; and
  
  issuing an advisory message to the electronic devices over the network indicating circumstances in which the particular patch issued by the source of software patches should be implemented.
- View Dependent Claims (12, 13, 14)
- - 12. The storage medium of claim 11 wherein the software patching policy allows a particular software patch to be installed only if it is established that a particular user of an electronic device potentially subject to the particular patch actually uses a software feature that requires the particular software patch.
  - 13. The storage medium of claim 11 wherein the software patching policy allows a particular software patch to be installed only at a time that is convenient for a user of the electronic device.
  - 14. The storage medium of claim 11 wherein the software patching policy allows a particular software patch to be installed only at a time when a user of a particular electronic device has indicated that a software feature which requires the particular software patch will be used for a first time since the particular software patch became available.

15. A system for managing software patching activity, the system comprising a software patching activity manager, the software patching activity manager comprising:
- at least one memory to store at least one program of machine-readable instructions, where the at least one program performs operations for instituting and controlling a software patching policy;
  
  a network interface for use in communicating over a network with a source of software patches and with electronic devices subject to the software patching policy;
  
  at least one processor coupled to the at least one memory and network interface, where the at least one processor performs at least the following operations when the at least one program is executed;
  
  creating a software patching policy to be used by the electronic devices;
  
  making a software patch control shell available to the electronic devices over the network, the software patch control shell to be installed by the electronic devices incorporating a system component implemented at least in part via software comprising an application programming interface, the software patch control shell configured to comprise one or more entry points of the application programming interface; and
  
  issuing the software patching policy to the electronic devices through the network interface, and the software patch control shell is configured to perform;
  
  monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
  
  determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component; and
  
  in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The system of claim 15 wherein creating a software patching policy further comprises:
    - analyzing patches available at the source of software patches; and
      
      determining which patches should be instituted in the electronic devices subject to the software patching policy.
  - 17. The system of claim 16 wherein determining which patches should be instituted further comprises:
    - gathering information concerning operational experiences with patches available at the source of software patches; and
      
      adopting particular software patches for implementation by the electronic devices subject to the software patching policy only if operational experiences with particular patches meet at least one predetermined criterion.
  - 18. The system of claim 15 wherein the operations further comprise:
    - monitoring the source of software patches for new patches as new patches become available;
      
      detecting a new patch;
      
      examining the new patch issued by the source of software patches to determine whether the patch is permitted under the software patching policy; and
      
      issuing an advisory message to the electronic devices over the network indicating circumstances in which the new patch issued by the source of software patches should be implemented, if at all.
  - 19. The system of claim 18 wherein the operations further comprise:
    - before issuing the advisory message, monitoring sources reporting experiences with the new patch; and
      
      issuing an advisory message allowing implementation of the new software patch in the electronic devices only if reported experiences with the new patch meet at least one predetermined criterion.
  - 20. The system of claim 18 wherein the operations further comprise:
    - before issuing the advisory message, performing a cost-benefit analysis of the new patch by comparing costs and benefits associated with implementation of the new patch; and
      
      issuing an advisory message allowing implementation of the new software patch in the electronic device only if the new patch meets at least one predetermined cost-benefit criterion.
  - 21. The system of claim 20 wherein a cost associated with implementation of the software patch analyzed by the software patching activity manager is selected from the group comprised of:
    - user time to implement the new patch;
      
      cost of bandwidth to download the new patch;
      
      storage space required to store the new patch; and
      
      user time necessary to undo the new patch if the patch is determined to be faulty.
  - 22. The system of claim 15 wherein the software patching policy allows later software patches to be substituted for earlier software patches.
  - 23. The system of claim 15 further comprising an electronic device subject to the software patching policy, the electronic device further comprising:
    - at least one memory to store at least one program of machine-readable instructions, where the at least one program performs operations for implementing the software patching policy issued by the software patching activity manager;
      
      a network interface for use in communicating over a network with the software patching activity manager and the source of software patches;
      
      at least one processor coupled to the at least one memory and the network interface, where the at least one processor performs at least the following operations when the at least one program is executed;
      
      receiving the software patching policy issued by the software patching activity manager; and
      
      performing software patching activities of software incorporated in the electronic device in accordance with the software patching policy issued by the software patching activity manager, wherein performing software patching activities further comprises installing and executing the software patch control shell.

24. An apparatus, comprising:
- at least one memory to store at least one program of machine-readable instructions;
  
  at least one processor coupled to the at least one memory, where the at least one processor performs at least the following operations when the at least one program is executed;
  
  implementing a software patch control shell for controlling patching activities associated with a system component implemented at least in part via software comprising an application programming interface, the system component incorporated in the electronic device, the software patch control shell comprising one or more entry points of the application programming interface;
  
  instituting a software patching policy to be used by the software patch control shell for controlling software patching activities; and
  
  applying the software patching policy as potential software patching opportunities occur, wherein applying further comprises the software patch control shell performing the following;
  
  monitoring particular calls to the one or more entry points of the application programming interface, wherein monitoring comprises capturing arguments and identities of the one or more entry points;
  
  determining whether a particular call matches any syndromes indicative of behavior of the system component for which a patch exists, wherein determining comprises comparing the captured arguments and identities to active syndromes for the system component; and
  
  in response to the particular call matching a syndrome, installing a patch corresponding to the syndrome and, after installation of the patch, making the particular call to the entry point of the application programming interface.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The apparatus of claim 24 wherein the software patching policy allows a particular software patch to be installed only if it is established that a user of the electronic device actually uses a software feature that requires the particular patch.
  - 26. The apparatus of claim 24 wherein the software patching policy allows a particular software patch to be installed only at a time that is convenient for a user of the electronic device.
  - 27. The apparatus of claim 24 wherein the software patching policy allows a particular patch to be installed only at a time when a user of the electronic device has indicated that a software feature which requires the particular software patch will be used for a first time since the particular patch became available.
  - 28. The apparatus of claim 24 where the software patching policy is instituted on a category basis, wherein certain categories of software patches will be installed and certain categories of software patches will be blocked.
  - 29. The apparatus of claim 24 where the operations further comprise:
    - receiving information that a particular patch which is otherwise desirable has a deleterious effect on operations of the electronic device only when a particular software feature is used;
      
      permitting installation of the particular patch; and
      
      blocking use of the particular software feature which causes the deleterious effect when using software which has installed the particular patch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bantz, David F., Chefalas, Thomas E., Mastrianni, Steven J., Pickover, Clifford A.
Primary Examiner(s)
Wong, Don
Assistant Examiner(s)
Aguilera, Todd

Application Number

US12/133,546
Publication Number

US 20080235678A1
Time in Patent Office

1,566 Days
Field of Search

None
US Class Current

717/168
CPC Class Codes

G06F 9/4484 Executing subprograms

Methods and apparatus for patching software in accordance with instituted patching policies

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for patching software in accordance with instituted patching policies

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links