CRII: SaTC: Empirical and Analytical Models for the Deployment of Software Updates in Large Vulnerable Populations

Project Details

Performance Period

May 15, 2015 - Apr 30, 2018

Institution(s)

University of Maryland College Park

Award Number


Software vulnerabilities are an important vector for malware delivery. Software updating mechanisms, which are responsible for deploying vulnerability patches, are in a race with cyber attackers seeking to exploit those vulnerabilities. Moreover, these updating mechanisms have multiple, potentially conflicting design goals: they must quickly deploy patches on millions of hosts worldwide, must not overburden users, and must avoid breaking dependencies in the deployment environment.

This project aims to model the dynamics of vulnerable host populations, in order to assess the practical barriers for current software updating mechanisms and the conflicts among their security and reliability goals. Using real-world data sets of update deployment events, the research studies the decay of vulnerable host populations empirically to identify deployment-specific factors that delay updates. Building on these insights, the project develops parameterized analytical models for update deployment, and uses these models to quantify the trade-offs between reliability and security when updating software. The models provide principled methods for reasoning about the properties of software updates in the presence of multiple design goals and enable improvements in software updating mechanisms by exploring a large design space. The researchers are disseminating the results from this project by organizing workshops on data-driven security, by releasing data sets with augmented information about software vulnerabilities, and by collaborating with industry partners to evaluate the proposed techniques in real-world settings.

Tudor Dumitras is an Assistant Professor in the Electrical & Computer Engineering Department at the University of Maryland, College Park. His research focuses on Big Data approaches to problems in system security and dependability. In his previous role at Symantec Research Labs he built the Worldwide Intelligence Network Environment (WINE) - a platform for experimenting with Big Data techniques. He received an Honorable Mention in the NSA competition for the Best Scientific Cybersecurity Paper of 2012. He also received the 2011 A. G. Jordan Award from the ECE Department at Carnegie Mellon University, the 2009 John Vlissides Award from ACM SIGPLAN, and the Best Paper Award at ASP-DAC'03. Tudor holds a Ph.D. degree from Carnegie Mellon University.