Sciweavers

P2P
2010
IEEE

On the Privacy of Peer-Assisted Distribution of Security Patches

13 years 10 months ago
On the Privacy of Peer-Assisted Distribution of Security Patches
Abstract--When a host discovers that it has a software vulnerability that is susceptible to an attack, the host needs to obtain and install a patch. Because centralized distribution of patches may not scale well, peer-to-peer (P2P) approaches have recently been suggested. There is, however, a serious privacy problem with peer-assisted patch distribution: when a peer A requests a patch from another peer B, it announces to B its vulnerability, which B can exploit instead of providing the patch. Through analytical modeling and simulation, we show that a large majority of vulnerable hosts will typically become compromised with a basic design for peer-assisted patch distribution. We then study the effectiveness of two different approaches in countering this privacy problem. The first approach utilizes special-purpose peer nodes, referred to as honeypots, that discover and blacklist malicious peers listening for patch requests from susceptible hosts. In the second approach, the patches are r...
Di Wu, Cong Tang, Prithula Dhungel, Nitesh Saxena,
Added 14 Feb 2011
Updated 14 Feb 2011
Type Journal
Year 2010
Where P2P
Authors Di Wu, Cong Tang, Prithula Dhungel, Nitesh Saxena, Keith W. Ross
Comments (0)