DOI:10.1109/EuroSP.2019.00032

Corpus ID: 201620208

Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks

@article{etin2019TellMY,
  title={Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks},
  author={Orçun Çetin and Carlos Ga{\~n}{\'a}n and L. Altena and Samaneh Tajalizadehkhoob and M. Eeten},
  journal={2019 IEEE European Symposium on Security and Privacy (EuroS&P)},
  year={2019},
  pages={326-339}
}

Orçun Çetin, Carlos Gañán, +2 authors M. Eeten
Published 2019
Computer Science
2019 IEEE European Symposium on Security and Privacy (EuroS&P)

Mechanisms for large-scale vulnerability notifications have been confronted with disappointing remediation rates. It has proven difficult to reach the relevant party and, once reached, to incentivize them to act. We present the first empirical study of a potentially more effective mechanism: quarantining the vulnerable resource until it is remediated. We have measured the remediation rates achieved by a medium-sized ISP for 1, 688 retail customers running open DNS resolvers or Multicast DNS… Expand

Share This Paper

2 Citations

Highly Influential Citations

1

Background Citations

1

Results Citations

1

Figures, Tables, and Topics from this paper

Remedying Security Concerns at an Internet Scale

F. Li
Computer Science
2019

PDF

Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support

Max Maass, Alina Stöver, +4 authors Indra Spiecker
Computer Science
ArXiv
2020

Highly Influenced
PDF

References

SHOWING 1-10 OF 19 REFERENCES

SORT BY

Make notifications great again: learning how to notify in the age of large-scale vulnerability scanning

F. Çetin, C. H. Gañán, Maciej Korczynski, M.J.G. van Eeten
Business
2017

20
PDF

You've Got Vulnerability: Exploring Effective Vulnerability Notifications

F. Li, Zakir Durumeric, +5 authors V. Paxson
Computer Science
USENIX Security Symposium
2016

64
Highly Influential
PDF

Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

Ben Stock, G. Pellegrino, C. Rossow, Martin Johns, M. Backes
Computer Science
USENIX Security Symposium
2016

48
PDF

Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications

Ben Stock, G. Pellegrino, F. Li, M. Backes, C. Rossow
Computer Science
NDSS
2018

28
PDF

Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension

F. Li, Grant Ho, +5 authors V. Paxson
Computer Science
WWW
2016

37
PDF

Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens

Orçun Çetin, Carlos Gañán, L. Altena, Samaneh Tajalizadehkhoob, M. Eeten
Computer Science
SOUPS @ USENIX Security Symposium
2018

8
PDF

Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

Marc Kührer, Thomas Hupperich, C. Rossow, T. Holz
Computer Science
USENIX Security Symposium
2014

154
Highly Influential
PDF

Do Malware Reports Expedite Cleanup? An Experimental Study

Marie Vasek, T. Moore
Engineering, Computer Science
CSET
2012

29
PDF

Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai

Orçun Çetin, Carlos Gañán, +6 authors M. Eeten
Computer Science
NDSS
2019

20
PDF

Understanding the Role of Sender Reputation in Abuse Reporting and Cleanup

Orçun Çetin, Mohammad Hanif Jhaveri, Carlos Gañán, M. Eeten, T. Moore
Business, Computer Science
WEIS
2015

34
PDF