Human Behavior and Cyber Vulnerabilities - UMD - October 2016

PI(s): VS Subrahmanian
Researchers: Ziyun Zhu, Srijan Kumar, Arunesh Mathur, Noseong Park, Josefine Engel, Brahm Persaud, Sorour Amiri, and Liangzhe Chen (graduate students), and Tudor Dumitras, Marshini Chetty, and Aditya Prakash (faculty)

 

HARD PROBLEM(S) ADDRESSED

Understanding and Accounting for Human Behavior

Security-Metrics-Driven Evaluation, Design, Development, and Deployment

PROJECT SYNOPSIS
When a vulnerability is exploited, software vendors often release patches fixing the vulnerability. However, our prior research has shown that some vulnerabilities continue to be exploited more than four years after their disclosure. Why? We posit that there are both technical and sociological reasons for this. On the technical side, it is unclear how quickly security patches are disseminated, and how long it takes to patch all the vulnerable hosts on the Internet. On the sociological side, users/administrators may decide to delay the deployment of security patches. Our goal in this task is to validate and quantify these explanations. Specifically, we seek to characterize the rate of vulnerability patching, and to determine the factors--both technical and sociological--that influence the rate of applying patches.

PUBLICATIONS

  1. Arunesh Mathur, Sonam Sobti, Josefine Engel, Victoria Chang, and Marshini Chetty. "They Keep Coming Back Like Zombies: Improving Software Updating Interfaces." Symposium on Usable Privacy and Security (SOUPS), 2016.
  2. S. Jajodia, N. Park, E. Serra, and V.S. Subrahmanian. "Using Temporal Probabilistic Logic for Optimal Monitoring of Security Events with Limited Resources," accepted for publication in Journal of Computer Security, June 2016.
  3. V.S. Subrahmanian, A. Azaria, S. Durst, V. Kagan, A. Galstyan, K. Lerman, L. Zhu, E. Ferrara, A. Flammini, F. Menczer, A. Stevens, A. Dekhtyar, S. Gao, T. Hogg, F. Kooti, Y. Liu, O. Varol, P. Shiralkar, V. Vydiswaran, Q. Mei, and T. Huang. "The DARPA Twitter Bot Challenge," IEEE Computer, June 2016, pages 38-46.

ACCOMPLISHMENT HIGHLIGHTS

We analyzed our data on users' current software updating behaviors, drawn from a field study of 125 users who participated in a survey and interviews in Summer 2014 and 22 users who participated in a think-aloud study in Spring 2015 to evaluate a low-fidelity, minimally intrusive, information-rich, and user-centric software updating interface. The paper was published at SOUPS'16.