Analysis of ghost patches

Supervisor(s)Dr. Pascal Schöttle


One problem with patching software vulnerabilities is that an attacker will know from the patch about the existence of the vulnerability in unpatched systems. To circumvent this problem, a recent approach, called ghost patches hides the real patch among several faux patches. By publishing only the binaries of the ghost (=real + faux) patches, an attacker should not be able to decide which of the patched vulnerabilities was actually real and which were faux.

The focus of this thesis is on the analysis of the proposed patch generation algorithm. For this, ghost patches have to be generated and the binaries analyzed. Then, faux and real patches have to be evaluated with statistical means.


  • Avery, J. and Spafford, E.H. Ghost Patches: Fake Patches for Fake Vulnerabilities. In S. De Capitani di Vimercati and F. Martinelli, eds., ICT Systems Security and Privacy Protection: 32nd IFIP TC 11 International Conference, SEC 2017, Proceedings. Springer International Publishing, 2017, pp. 399–412.