Human Behavior and Cyber Vulnerabilities - UMD - October 2015
PI(s): VS Subrahmanian
Researchers: Ziyun Zhu, Arunesh Mathur, Josefine Engel, Brahm Persaud, Sorour Amiri, and Liangzhe Chen (graduate students), and Tudor Dumitras, Marshini Chetty, and Aditya Prakash (faculty)
HARD PROBLEM(S) ADDRESSED
Understanding and Accounting for Human Behavior
Security-Metrics-Driven Evaluation, Design, Development, and Deployment
PROJECT SYNOPSIS
When a vulnerability is exploited, software vendors often release patches fixing the vulnerability. However, our prior research has shown that some vulnerabilities continue to be exploited more than four years after their disclosure. Why? We posit that there are both technical and sociological reasons for this. On the technical side, it is unclear how quickly security patches are disseminated, and how long it takes to patch all the vulnerable hosts on the Internet. On the sociological side, users/administrators may decide to delay the deployment of security patches. Our goal in this task is to validate and quantify these explanations. Specifically, we seek to characterize the rate of vulnerability patching, and to determine the factors--both technical and sociological--that influence the rate of applying patches.
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS