“Restart required.” The words are guaranteed to bring a groan from computer users. And for busy system administrators, they are even more annoying: applying critical system updates to protect a machine against attack must be balanced with the demands of hundreds or even thousands of users. Software from a new company called Ksplice addresses this dilemma with updates that do not require a restart.
In order to install an update while a computer continues running, a software patch must be carefully structured so that it doesn’t interfere with the operating system’s current operations. This is a difficult and delicate process, and Ksplice addresses it by working at a different level of computer architecture. Most update technologies use the same programming language as the operating system itself. The computer has to translate these instructions into a lower-level language. Ksplice’s software sidesteps this process, analyzing the changes that an update would make at a low level and implementing them using the lower level language.
The technology was developed by cofounder Jeff Arnold while he was a graduate student at MIT, and last week, it won the grand prize at the Institute’s $100K Entrepreneurship Competition.
Waseem Daher, cofounder and chief operating officer, explains that the approach adopted by Ksplice saves it from restructuring instructions in a higher-level programming language on the fly. So far, Ksplice has developed its new update technology for the Linux operating system–which is commonly used to control server machines–although Daher says that the technology could work on other operating systems too.
Ksplice is intended to work for all security patches. “If you don’t have a complete solution, it’s basically useless,” Daher says.
In tests conducted from May 2005 to May 2008, Ksplice was able to install 88 percent of Linux security updates automatically and without a reboot. The remaining updates could be installed without rebooting when a human programmer added a few lines of code.
Ksplice hopes to license its technology directly to software vendors, and then provide the human expertise needed to keep the system working. While Ksplice searches for deals with vendors, Daher says that the company will offer a subscription service to convert patches for clients so that they do not require a reboot.
Since February 2008, MIT has used the technology to update two critical servers, one of which gets more than 37 million hits each month. Greg Price, who is on the executive committee of the MIT Student Information Processing Board, which maintains the servers, says, “Before Ksplice, everyone assumed that rebooting for updates–choosing between being secure and staying up–was just a technical necessity that nobody would overcome.”
Michael Hicks, an associate professor of computer science at the University of Maryland, says that a reliable system for updating without restarting could have a major impact. However, Hicks adds that doing the job safely is a major challenge. “The whole point of live updating is to keep the system running correctly,” he says. “If applying the patch causes the system to crash or makes it run incorrectly, then we’re no better, and potentially worse, than we would be otherwise.”
While Hicks is impressed by how much Ksplice can do automatically, he says that more research is needed to make the technology useful for a broader range of patches. He is researching this himself through a project called Ginseng.
Iulian Neamtiu, an assistant professor of computer science at the University of California, Riverside, who has also worked on Ginseng, says that Ksplice is aimed at a market that sorely needs it: Internet services running on Linux, such as e-mail and Web servers. It’s of paramount importance for these services to apply security updates as soon as possible without sacrificing availability to clients, Neamtiu says. But he hopes to see similar technologies used in other contexts. “I would love to be able to update the operating system or the applications I use on my laptop, desktop, or cell phone without having to reboot,” he says.