The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching

Authors: Antonio Nappa, Richard Johnson, Leyla Bilge, Juan Caballero, Tudor Dumitras

DOI: 10.1109/SP.2015.48

Keywords:

Abstract: Vulnerability exploits remain an important mechanism for malware delivery, despite efforts to speed up the creation of patches and improvements in software updating mechanisms. Vulnerabilities in client applications (e.g., browsers, multimedia players, document readers and editors) are often exploited in spear phishing attacks and are difficult to characterize using network vulnerability scanners. Analyzing their lifecycle requires observing the deployment of patches on hosts around the world. Using data collected over 5 years on 8.4 million hosts, available through Symantec's WINE platform, we present the first systematic study of patch deployment for client-side vulnerabilities. We analyze the patching process of 1,593 vulnerabilities from 10 popular client applications, and we identify several new threats presented by multiple installations of the same program and by shared libraries distributed with several applications. For the 80 vulnerabilities in our dataset that affect code shared by two applications, the time between patch releases in the different applications is up to 118 days (with a median of 11 days). Furthermore, as patching rates differ considerably among applications, many hosts patch the vulnerability in one application but not in the other one. We demonstrate novel attacks that enable exploitation by invoking old versions of applications that are used infrequently but remain installed. We also find that the fraction of vulnerable hosts patched when exploits are released is at most 14%. Finally, we show that the patching rate is affected by user-specific and application-specific factors; for example, hosts belonging to security analysts and applications with automated updating mechanisms have significantly lower median times to patch.
