Automated Security Checking and Patching Using TestTalk

Keywords: patching, test automation

While it is difficult to assure that a computer system is secure, in theory it should not be difficult to apply available patches and block attacks of known types. Yet in many computer system security incidents, attackers successfully intrude into computer systems by exploiting known weaknesses. Those systems remain vulnerable even after the vulnerabilities are known because staying on top of security updates requires constant attention. In addition, applying security patches to deployed systems is often both time-consuming and error-prone. It is not surprising that many system administrators fail to keep up with security updates.

To solve this problem, we propose to develop a framework for automated security checking and patching. The framework, named Securibot, provides a self-operating mechanism for security checking and patching. Securibot adopts the TestTalk test automation technique we developed for automated software testing. It performs security testing and analysis using security profiles and security updates, both of which are specified in TestTalk. Securibot can also detect compromised systems using attack signatures, also specified in TestTalk. Most important, the Securibot framework allows system vendors to publish recently discovered security weaknesses and new patches in TestTalk so that the Securibot system running on deployed systems can automatically check out security updates and apply the patches.

In this paper, we describe the types of security problems that Securibot intends to solve. We also explain our multi-platform and tool-neutral test automation technique, how this technique can be applied to security testing and analysis, and why it fits. Finally, we illustrate the benefits that Securibot can bring to both system administrators and owners of connected home computers.