Patch Me If You Can: A Study on the Effects of Individual User Behavior on the End-Host Vulnerability State

Authors: Armin Sarabi, Ziyun Zhu, Chaowei Xiao, Mingyan Liu, Tudor Dumitraş

DOI: 10.1007/978-3-319-54328-4_9

Abstract: In this paper we study the implications of end-user behavior in applying software updates and patches on information-security vulnerabilities. To this end we tap into a large data set of measurements conducted on more than 400,000 Windows machines over four client-side applications, and separate out the impact of users and vendors on the vulnerability states of hosts. Our modeling of users and empirical evaluation of the model on hosts reveal a peculiar relationship between vendors and end-users: users' promptness in applying patches, and vendors' policies in facilitating the installation of updates, while both contributing to hosts' security posture, are overshadowed by other characteristics such as the frequency of disclosures and the swiftness in deploying patches.
