Installation, removal or update of software products is a very time consuming activity, especially in a data processing system including a great number of computers (or endpoints). A typical example is that of a large network with hundreds of workstations, wherein software products are periodically upgraded in order to be abreast of the information technology development.
Software distribution applications have been proposed in the last years to assist a system administrator in efficiently managing the deployment of software products from a central site of the system; an example of software distribution application is the “IBM Tivoli Configuration Manager or ITCM” by IBM Corporation. Typically, a software distribution application controls the building of software packages including commands that specify the actions to be carried out on the endpoints for enforcing the desired configuration; each software package can further embed an image of the software products to be installed on the endpoints. The software package is distributed to selected target endpoints, and it is then applied by executing the corresponding commands.
A drawback of the solutions known in the art is that whoever manages to log in the software distribution application can start the deployment of any software package. This may cause problems when an intruder has accessed the system fraudulently, or even when an error is performed unintentionally. For example, it is possible to deploy software packages infected by harmful code (such as viruses, worms, trojans, and the like). This kind of attacks may have detrimental effects on the system; particularly, the harmful code can adversely affect operation of the endpoints (down to a complete stop of the whole system), or it can be exploited to access confidential information. The problem is particular acute in environments having strict security requirements (such as government, military or financial organizations).
Moreover, no mechanism is available in the software distribution applications known in the art for managing the confidentiality of the information that is deployed. Particularly, there is not the possibility of restricting the access to any distributed software package. Indeed, whatever endpoint receiving the software package (either fraudulently or by mistake) is able to apply it; therefore, the available solutions are unable to ensure that the software package is applied on the desired target endpoints only.