Measuring Security Practices and How They Impact Security

DeKoven, Louis F.; Randall, Audrey; Mirian, Ariana; Akiwate, Gautam; Blume, Ansel; Saul, Lawrence K.; Schulman, Aaron; Voelker, Geoffrey M.; Savage, Stefan

doi:10.1145/3355369.3355571

Cited by 9 publications

(7 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Neither the ISP nor the IXP ow data contain any payload data, thus no user information. We distinguish user IPs from server IPs and anonymize by hashing all user IPs, following the method described in [5]. e address space of the ISP residential users is known.…”

Section: Isp (Isp-vpmentioning

confidence: 99%

“…Existing solutions focus on instrumenting testbeds or home environments to collect and analyze full packet captures [3][4][5], local search for IoT anomalies [6,7], active measurements [8,9], or data from antivirus companies running scan campaigns from users homes [7]. In isolation, these data sources do not provide enough insights for preventing network-wide a acks from IoT devices [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Haystack Full of Needles

Saidi

Mandalari

Kolcun

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

Consumer Internet of ings (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. ese functionalities o en come with signi cant privacy and security risks, with notable recent largescale coordinated global a acks disrupting large service providers.us, an important rst step to address these risks is to know what IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled ow statistics. In particular, it is challenging for an ISP to e ciently and e ectively track and trace activity from IoT devices deployed by its millions of subscribers-all with sampled network data.In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in-the-wild. Our ndings indicate that millions of IoT devices are detectable and identi able within hours, both at a major ISP as well as an IXP, using passive, sparsely sampled network ow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is e ective for providing network analytics, it also highlights signi cant privacy consequences.

show abstract

Section: Isp (Isp-vpmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Haystack Full of Needles

Saidi

Mandalari

Kolcun

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…Tracking the currentness of end-user software hence requires passive measurements using a vantage point that can illuminate version adoption at scale. Second, even if access to such a vantage point is possible, determining useful information, such as the current version of a particular application, is a complex task [11]. While HTTP(S)-based communication has long emerged as the preferred way for applications to communicate, there is no standardized or universally adopted method that applications use to convey their current version to the server they communicate with.…”

Section: Introductionmentioning

confidence: 99%

“…These have ranged from general characteristics of User-Agent strings [23], to studying User-Agent uniqueness [14], it's implications in device proling [40,47], and abuse of UAs [49]. Similar to our approach, information extracted from User-Agent headers has been used to track software adoption [11,21]. Our work greatly expands on the scope and scale of these related works, providing a signicantly longer measurement period, covering orders of magnitude more clients and applications.…”

Section: Introductionmentioning

confidence: 99%

“…These include Heartbleed [12], Spectre [24] and Meltdown [27]. Other studies have looked at adoption rates of client software updates by analyzing traces collected at a University campus [11] and by using an antivirus on-host vantage point to track application updates for millions of hosts over several years, but are limited to a small set of popular applications [29,39]. A very recent study utilizes Facebook as a vantage point to characterize out-ofdate browsers [25].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Who's left behind?

Rula

Richter

Smaragdakis

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

This work presents a large-scale, longitudinal measurement study on the adoption of application updates, enabling continuous reporting of potentially vulnerable software populations worldwide. Studying the factors impacting software currentness, we investigate and discuss the impact of the platform and its updating strategies on software currentness, device lock-in eects, as well as user behavior. Utilizing HTTP User-Agent strings from end-hosts, we introduce techniques to extract application and operating system information from myriad structures, infer version release dates of applications, and measure population adoption, at a global scale. To deal with loosely structured User-Agent data, we develop a semi-supervised method that can reliably extract application and version information for some 87% of requests served by a major CDN every day. Using this methodology, we track release and adoption dynamics of some 35,000 applications. Analyzing over three years of CDN logs, we show that vendors' update strategies and platforms have a significant eect on the adoption of application updates. Our results show that, on some platforms, up to 25% of requests originate from hosts running application versions that are out-of-date by more than 100 days, and 16% more than 300 days. We nd pronounced dierences across geographical regions, and overall, less developed regions are more likely to have out-of-date software versions. Though, for every country, we nd that at least 10% of requests reaching the CDN run software that is out-of-date by more than three months.

show abstract

Evidence-based cybersecurity policy? A meta-review of security control effectiveness

Woods,

Seymour

2023

Journal of Cyber Policy

View full text Add to dashboard Cite

Measuring Security Practices and How They Impact Security

Cited by 9 publications

References 18 publications

A Haystack Full of Needles

A Haystack Full of Needles

Who's left behind?

Evidence-based cybersecurity policy? A meta-review of security control effectiveness

Contact Info

Product

Resources

About