A secure patch management authority

ResearchSpace/Manakin Repository

Show simple item record

dc.contributor.advisor Janczewski, Lech en
dc.contributor.author Colarik, Andrew M. en
dc.date.accessioned 2007-07-20T06:39:38Z en
dc.date.available 2007-07-20T06:39:38Z en
dc.date.issued 2003 en
dc.identifier THESIS 04-162 en
dc.identifier.citation Thesis (PhD--Information Systems and Operations Management)--University of Auckland, 2003 en
dc.identifier.uri http://hdl.handle.net/2292/1017 en
dc.description Full text is available to authenticated members of The University of Auckland only. en
dc.description.abstract Throughout the Software Development Life Cycle, products are maintained, enhanced and periodically patched until they are retired or replaced. It is because of the way in which software is initially deployed that ongoing maintenance becomes a critical element in extending a software product's life cycle. It is the ongoing, incremental development process, and an interactive dependence of system platforms, interoperability requirements, and time-to-market pressures that inadvertently produce software defects. In addition to faults and systematic improvements of product features that are required of software products, security breaches are periodically discovered. The result is the issuing of software patches. These patches have become so frequent that it has become a principle system management issue. A systems administrator who is responsible for security measures needs to track, install said updates, and document their corrective actions. The time between the discovery of a software breach and the resulting patch creates system vulnerability. The time between the issuance of the patch and the resulting install creates system vulnerability. The possible corruption of the patch prior to the delivery phase and/or during delivery creates additional vulnerabilities. The difficulties of identifying, acquiring, and installing patches is further exacerbated by the multitude of software vendors that do not work in tandem, and operate their own patch distribution systems. Patch management systems contain elements of software management, patch generation and accessibility, and delivery mechanisms. Secure patch management systems focus primarily on the secure delivery of the patch. This thesis provides an exploration of patch management models, methods, and systems, and seeks to identify the underlying processes of secure patch management systems. What is proposed and detailed is a Secure Patch Management Authority architecture as one possible solution to improving the time between patch issuance and installation. This authority will work with patch originators to provide timely notification of new patches, facilitate the distribution of said patches in a secure manner, and provide patch implementation confirmation and error reporting back to the patch originators. A critical component of this architecture is a new cryptographic algorithm that provides integrity verification and error control triangulation in the transport of the patches. en
dc.language.iso en en
dc.publisher ResearchSpace@Auckland en
dc.relation.ispartof PhD Thesis - University of Auckland en
dc.relation.isreferencedby UoA99121203514002091 en
dc.rights Restricted Item. Available to authenticated members of The University of Auckland. en
dc.rights Items in ResearchSpace are protected by copyright, with all rights reserved, unless otherwise indicated. en
dc.rights.uri https://researchspace.auckland.ac.nz/docs/uoa-docs/rights.htm en
dc.title A secure patch management authority en
dc.type Thesis en
thesis.degree.discipline Information Systems and Operations Management en
thesis.degree.grantor The University of Auckland en
thesis.degree.level Doctoral en
thesis.degree.name PhD en
dc.rights.holder Copyright: The author en

Full text options

This item appears in the following Collection(s)

Show simple item record


Search ResearchSpace

Advanced Search