Timing the application of security patches for optimal uptime

Proceedings of the 16th Conference on Systems Administration, LISA 2002

Volumn , Issue , 2002, Pages 233-242

  Beattie, Steve ^a   Arnold, Seth ^a   Cowan, Crispin ^a   Wagle, Perry ^a   Wright, Chris ^a   Shostack, Adam ^b  

^a WireX Communications Inc   (United States)

^b Zero Knowledge Systems Inc   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

EMPIRICAL DATA; FORMAL FOUNDATION; SECURITY PATCHES; SECURITY VULNERABILITIES;

TIMING CIRCUITS;

EID: 78249276668     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (29)

1. Anderson, Ross, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, Inc., p. 372, New York, 2001.
2. Anderson, Ross, Why Information Security is Hard - An Economic Perspective, 17th Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, December 2001.
3. Bailey, Ed, Maximum RPM, Red Hat Press, 1997.
4. Browne, Hilary K., William A. Arbaugh, John McHugh, and William L. Fithen, "A Trend Analysis of Exploitations, " In Proceedings of the 2001 IEEE Security and Privacy Conference, pages 214-229, Oakland, CA, http://www.cs. umd.edu/~waa/pubs/CS-TR-4200.pdf, May 2001.
5. Caldera, Inc., Caldera Security Advisories, http:// www.caldera.com/support/security/, 2001.
6. CERT Coordination Center, CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL, http://www.cert.org/advisories/CA-2001-19.html, August 2001.
7. Christey, Steven M., An Informal Analysis of Vendor Acknowledgement of Vulnerabilities, Bugtraq Mailing List, http://www.securityfocus. com/cgi-bin/archive.pl?id=1&mid=168287, March 2001.
8. Cisco Systems, Inc., Security Advisory: Cisco Content Services Switch Vulnerability, http:// www.cisco.com/warp/public/707/arrowpoint-clifilesystem- pub.shtml, April 2001.
9. Cowan, Crispin, Steve Beattie, Calton Pu, Perry Wagle, and Virgil Gligor, SubDomain: Parsimonious Server Security, USENIX 14th Systems Administration Conference (LISA), New Orleans, LA, December 2000.
10. Dittrich, Dave, The Forensic Challenge, http:// project.honeynet.org/challenge/, January 2001.
11. Farmer, Dan, Shall We Dust Moscow? Security Survey of Key Internet Hosts & Various Semi- Relevant Reflections, http://www.fish.com/survey/, December 1996.
12. Goldberg, Ian, David Wagner, Randi Thomas, and Eric Brewer, "A Secure Environment for Untrusted Helper Applications, " 6th USENIX Security Conference, San Jose, CA, July 1996.
13. Hinton, Heather M., Crispin Cowan, Lois Delcambre, and Shawn Bowers, "SAM: Security Adaptation Manager, " Annual Computer Security Applications Conference (ACSAC), Phoenix, AZ, December 1999.
14. The Honeynet Project, Know Your Enemy: Revealing the Security Tools, Tactics and Motives of the BlackHat Community, Addison Wesley, Boston, 2002.
15. Howard, John D., An Analysis of Security Incidents on the Internet 1989 - 1995, Ph.D. thesis, Carnegie Mellon University, http://www.cert. org/research/JHThesis/Start.html, October 1997.
16. Martin, Robert A., "Managing Vulnerabilities in Networked Systems, " IEEE Computer Society COMPUTER Magazine, pp. 32-38, http://cve. mitre.org/, November 2001.
17. McNeil, B. J., S. G. Pauker, H. C. Sox, and A. Tversky, "On the Elicitation of Preferences for Alternative Therapies, " New England Journal of Medicine, No. 306, pp. 1259-1262, 1982.
18. Microsoft, Automatic Update Feature in Windows XP, http://support.microsoft.com/directory/article, asp?ID=KB;EN-US;Q294871, October 2001.
19. Microsoft Corporation, Microsoft Security Bulletin MS01-031 Predictable Name Pipes Could Enable Privilege Elevation via Telnet, http://www. microsoft.com/technet/security/bulletin/MS01-031. asp?frame=true, June 2001.
20. Pescatore, John, Nimda Worm Shows You Can't Always Patch Fast Enough, http://www.gartner. com/DisplayDocument?id=340962, September 2001.
21. Reavis, Jim, Linux vs. Microsoft: Who Solves Security Problems Faster?, [no longer available on the web], January 2000.
22. Red Hat, Inc., Red Hat Update Agent, https://rhn. redhat.com/help/sm/up2date.html, 2001.
23. Schneier, Bruce, Full Disclosure and the Window of Exposure, http://www.counterpane.com/cryptogram- 0009.html#1, September 2000.
24. Shakespeare, William, Hamlet, Act I, Scenes 3 and 4, F. S. Crofts & Co., New York, 1946.
25. Silva, Gustavo Noronha, Debian APT Howto, http://www.debian.org/doc/manuals/apt-howto/ index.en.html, September 2001.
26. Staniford, Stuart, Gary Grim, and Roelof Jonkman, Flash Worms: Thirty Seconds to Infect the Internet, http://www.silicondefense.com/flash/, August 2001.
27. van Doorn, Leendert, Gerco Ballintijn, and William A. Arbaugh, Signed Executables for Linux, Technical Report UMD CS-TR-4259, University of Maryland, 2001.
28. Weaver, Nicholas C., Warhol Worms: The Potential for Very Fast Internet Plagues, http://www. cs.berkeley.edu/~nweaver/warhol.html, August 2001.
29. Ximian Inc., Ximian Red Carpet Automated Software Maintenance and Version Management, 2001.