Improving cybersecurity hygiene through JIT patching

Araujo, Frederico; Taylor, Teryl

doi:10.1145/3368089.3417056

Cited by 13 publications

(9 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is because the reboots following patch deployment are necessary for the applied patch to take effect. Further, the service interruptions caused by the reboots have been widely acknowledged as a major obstacle in patch management across several domains [1,13,27,43,51].…”

Section: Discussionmentioning

confidence: 99%

“…To understand why and how delays occur in practice, we conducted a longitudinal study with two organisations (Org A and B) involving 21 participants from 8 teams in Australia. 1 In selecting the case organisations, we used a combination of purposive [46] and convenience [30] sampling to ensure that our data are representative of the substantive area through which the findings emerge. The demographics of the studied teams are illustrated in Table 1.…”

Section: Methodsmentioning

confidence: 99%

“…In addition, prior research has invested effort in improving the patch management process through both technical and socio-technical aspects. In the scope of technical enhancements, advancing automation in the security patch management process, for example, automated detection of faulty patches [8,14,32] and mechanisms for reducing system downtime in reboots [1,13,43], have been widely studied. However, the literature presents little empirical evidence of the socio-technical aspects relating to security patch management.…”

Section: Background and Motivationmentioning

confidence: 99%

“…Similarly, the need of human expertise in the process [8,12,27,51] and capacity limitations, specifically, lack of human resources [24,42,51] are mentioned as challenges in security patch management in the related studies. Further, several studies (e.g., [1,13,27,43,51]) have highlighted service disruption as a central challenge of patch deployment. Our study extends the knowledge on these challenges by showing how, why and when they contribute towards patching delays.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Why, How and Where of Delays in Software Security Patch Management: An Empirical Investigation in the Healthcare Sector

Nesara¹,

Zahedi²,

Jayatilaka³

et al. 2022

Preprint

View full text Add to dashboard Cite

Numerous security attacks that resulted in devastating consequences can be traced back to a delay in applying a security patch. Despite the criticality of timely patch application, not much is known about why and how delays occur when applying security patches in practice, and how the delays can be mitigated. Based on longitudinal data collected from 132 delayed patching tasks over a period of four years and observations of patch meetings involving eight teams from two organisations in the healthcare domain, and using quantitative and qualitative data analysis approaches, we identify a set of reasons relating to technology, people and organisation as key explanations that cause delays in patching. Our findings also reveal that the most prominent cause of delays is attributable to coordination delays in the patch management process and a majority of delays occur during the patch deployment phase. Towards mitigating the delays, we describe a set of strategies employed by the studied practitioners. This research serves as the first step towards understanding the practical reasons for delays and possible mitigation strategies in vulnerability patch management. Our findings provide useful insights for practitioners to understand what and where improvement is needed in the patch management process and guide them towards taking timely actions against potential attacks. Also, our findings help researchers to invest effort into designing and developing computer-supported tools to better support a timely security patch management process.CCS Concepts: • Security and privacy → Software security engineering; Vulnerability management; • Software and its engineering → Maintaining software.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Background and Motivationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Why, How and Where of Delays in Software Security Patch Management: An Empirical Investigation in the Healthcare Sector

Nesara¹,

Zahedi²,

Jayatilaka³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…IBM researchers Araujo and Taylor [4] developed a just-in-time (JIT) patching framework called "Insider" for patching running legacy application processes. This was done by injecting and compiling the code inside the running processes while sandboxing malicious processes for threat investigations.…”

Section: Security Patchingmentioning

confidence: 99%

Threat Modeling and Security Analysis of Containers: A Survey

Wong¹,

Chekole²,

Ochoa³

et al. 2021

Preprint

View full text Add to dashboard Cite

Traditionally, applications that are used in large and small enterprises were deployed on "bare metal" servers installed with operating systems. Recently, the use of multiple virtual machines (VMs) on the same physical server was adopted due to cost reduction and flexibility. Nowadays, containers have become popular for application deployment due to smaller footprints than the VMs, their ability to start and stop more quickly, and their capability to pack the application binaries and their dependencies/libraries in standalone units for seamless portability. A typical container ecosystem includes a code repository (e.g., GitHub) where the container images are built from the codes and libraries and then pushed to the image registry (e.g., Docker Hub) for subsequent deployment as application containers. However, the pervasive use of containers also leads to a wide-range of security breaches such as attackers stealing credentials, source codes and sensitive data from image registry and code repository, carrying out DoS attacks on application containers, and gaining root access to misuse the underlying host resources, among others. In this paper, we first perform threat modeling on the containers ecosystem using the popular threat modeling framework, called STRIDE. Using STRIDE, we identify the vulnerabilities in each system component, and investigate potential security threats and their consequences. Then, we conduct a comprehensive survey on the existing countermeasures designed against the identified threats and vulnerabilities in containers. In particular, we assess the strengths and weaknesses of the existing mitigation strategies designed against such threats. We believe that this work will help researchers and practitioners to gain a deeper understanding of the threat landscape in containers and the state-of-the-art countermeasures. We also discuss open research problems, the research gaps and future research directions in containers security, which may ignite further research to be done in this area.

show abstract