Tudor Dumitraș

Assistant Professor
ECE Department
University of Maryland, College Park

Modeling the Deployment of Software Updates

Unpatched software vulnerabilities can allow cyber criminals to steal sensitive information (e.g. passwords, credit card numbers, medical records), to disseminate malware, or to control the vulnerable hosts remotely. The software updating mechanisms responsible for deploying vulnerability patches are in a race with the attackers seeking to exploit those vulnerabilities. In this project, we ask questions such as: Does patching improve security? Can we patch vulnerabilities faster than attackers can exploit them? What factors delay the patching of software vulnerabilities? What are the trade-offs between security and reliability when updating software?

We are tackling these questions by measuring and modeling the dynamics of vulnerable host populations. In this project, we will build scalable systems for analyzing real-world data sets of update deployment events, we will employ these systems to identify deployment-specific factors that delay updates, and we will utilize these insights to design analytical models for Internet-wide update deployment. Our models will provide principled abstractions for reasoning about the properties of software updates and will enable improvements in software updating mechanisms by exploring a large design space.

The project is funded by the National Science Foundation, through the Secure and Trustworthy Cyberspace (SaTC) and Computer and Information Science and Engineering (CISE) Research Initiation Initiative (CRII) programs, and by the Science of Security lablet at the University of Maryland. Some of the research results from this project are described below.

Impact of Shared Code on Vulnerability Patching

We analyzed the patch deployment process of 1,593 vulnerabilities from 10 popular client applications, and we identified several new threats presented by multiple installations of the same program and by shared libraries distributed with several applications [Oakland 2015]. We found that the patching rates differ considerably among applications and application versions, and that many hosts patch only one instance of the vulnerability. We also found that the median fraction of vulnerable hosts patched when exploits are released is at most 14%.
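As an added illustration of the measurement behind these findings (example code, not the project's own tooling), the script below takes constructed per-host records of installed instances of a shared library and computes, at an assumed exploit-release date, the fraction of hosts that are fully patched and the hosts that patched only one of several copies. Host names, library paths and dates are all constructed.

```python
"""Patch-deployment measurement over constructed update events.
Each record is one installed copy of a vulnerable shared library on a host.
A host stays exposed while any copy is still at the vulnerable version."""
from datetime import date
from typing import NamedTuple, Optional


class Instance(NamedTuple):
    host: str
    path: str                   # where this copy of the shared library lives
    vuln_since: date            # vulnerable version first observed on the host
    patched_on: Optional[date]  # None = not patched within the observation window


# Constructed sample: hosts h1 and h2 carry two copies of the library,
# bundled with two different applications; h3 carries only one.
EVENTS = [
    Instance("h1", "/opt/appA/lib.so", date(2014, 1, 5), date(2014, 1, 20)),
    Instance("h1", "/opt/appB/lib.so", date(2014, 1, 5), None),
    Instance("h2", "/opt/appA/lib.so", date(2014, 1, 8), date(2014, 1, 15)),
    Instance("h2", "/opt/appB/lib.so", date(2014, 1, 8), date(2014, 1, 16)),
    Instance("h3", "/opt/appA/lib.so", date(2014, 1, 3), date(2014, 2, 10)),
]
EXPLOIT_RELEASE = date(2014, 2, 1)  # constructed exploit-release date


def host_state(events, as_of):
    """Map host -> [vulnerable copies, patched copies] as of the date `as_of`."""
    state = {}
    for e in events:
        if e.vuln_since > as_of:
            continue  # this copy was not yet on the host at that time
        counts = state.setdefault(e.host, [0, 0])
        if e.patched_on is not None and e.patched_on <= as_of:
            counts[1] += 1
        else:
            counts[0] += 1
    return state


def fraction_fully_patched(events, as_of):
    """Fraction of affected hosts with no vulnerable copy left as of `as_of`."""
    state = host_state(events, as_of)
    fully = sum(1 for vuln, _ in state.values() if vuln == 0)
    return fully / len(state) if state else 0.0


def partially_patched_hosts(events, as_of):
    """Hosts that patched at least one copy but still carry a vulnerable one."""
    return sorted(h for h, (vuln, patched) in host_state(events, as_of).items()
                  if vuln and patched)


if __name__ == "__main__":
    print("fully patched at exploit release:",
          fraction_fully_patched(EVENTS, EXPLOIT_RELEASE))
    print("patched only some copies:", partially_patched_hosts(EVENTS, EXPLOIT_RELEASE))
```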

References

  1. [Oakland 2015] A. Nappa, R. Johnson, L. Bilge, J. Caballero, and T. Dumitraș, “The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching,” in IEEE Symposium on Security and Privacy, San Jose, CA, 2015.
