The matter of heartbleed

Zakir Durumeric; James Kasten; David Adrian; J. Alex Halderman; Michael Bailey; Frank Li; Nicholas Weaver; Johanna Amann; Jethro Beekman; Mathias Payer; Vern Paxson

doi:10.1145/2663716.2663755

The matter of heartbleed

Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer, Vern Paxson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24-55% of popular HTTPS sites. In this work, we perform a comprehensive, measurementbased analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.

Original language	English (US)
Title of host publication	IMC 2014 - Proceedings of the 2014 ACM
Publisher	Association for Computing Machinery
Pages	475-488
Number of pages	14
ISBN (Electronic)	9781450332132
DOIs	https://doi.org/10.1145/2663716.2663755
State	Published - Nov 5 2014
Event	2014 ACM Internet Measurement Conference, IMC 2014 - Vancouver, Canada Duration: Nov 5 2014 → Nov 7 2014

Publication series

Name	Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other	2014 ACM Internet Measurement Conference, IMC 2014
Country/Territory	Canada
City	Vancouver
Period	11/5/14 → 11/7/14

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/2663716.2663755

Library availability

Discover UIUC Full Text

Cite this

Durumeric, Z., Kasten, J., Adrian, D., Halderman, J. A., Bailey, M., Li, F., Weaver, N., Amann, J., Beekman, J., Payer, M., & Paxson, V. (2014). The matter of heartbleed. In IMC 2014 - Proceedings of the 2014 ACM (pp. 475-488). (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC). Association for Computing Machinery. https://doi.org/10.1145/2663716.2663755

Durumeric, Z, Kasten, J, Adrian, D, Halderman, JA, Bailey, M, Li, F, Weaver, N, Amann, J, Beekman, J, Payer, M & Paxson, V 2014, The matter of heartbleed. in IMC 2014 - Proceedings of the 2014 ACM. Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, Association for Computing Machinery, pp. 475-488, 2014 ACM Internet Measurement Conference, IMC 2014, Vancouver, Canada, 11/5/14. https://doi.org/10.1145/2663716.2663755

@inproceedings{84abe188f53f492b96471c5b8d851e8f,

title = "The matter of heartbleed",

abstract = "The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24-55% of popular HTTPS sites. In this work, we perform a comprehensive, measurementbased analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.",

author = "Zakir Durumeric and James Kasten and David Adrian and Halderman, {J. Alex} and Michael Bailey and Frank Li and Nicholas Weaver and Johanna Amann and Jethro Beekman and Mathias Payer and Vern Paxson",

note = "Publisher Copyright: Copyright {\textcopyright} 2014 by the Association for Computing Machinery, Inc. (ACM).; 2014 ACM Internet Measurement Conference, IMC 2014 ; Conference date: 05-11-2014 Through 07-11-2014",

year = "2014",

month = nov,

day = "5",

doi = "10.1145/2663716.2663755",

language = "English (US)",

series = "Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC",

publisher = "Association for Computing Machinery",

pages = "475--488",

booktitle = "IMC 2014 - Proceedings of the 2014 ACM",

}

TY - GEN

T1 - The matter of heartbleed

AU - Durumeric, Zakir

AU - Kasten, James

AU - Adrian, David

AU - Halderman, J. Alex

AU - Bailey, Michael

AU - Li, Frank

AU - Weaver, Nicholas

AU - Amann, Johanna

AU - Beekman, Jethro

AU - Payer, Mathias

AU - Paxson, Vern

PY - 2014/11/5

Y1 - 2014/11/5

N2 - The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24-55% of popular HTTPS sites. In this work, we perform a comprehensive, measurementbased analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.

AB - The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24-55% of popular HTTPS sites. In this work, we perform a comprehensive, measurementbased analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.

UR - http://www.scopus.com/inward/record.url?scp=84910125196&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84910125196&partnerID=8YFLogxK

U2 - 10.1145/2663716.2663755

DO - 10.1145/2663716.2663755

M3 - Conference contribution

AN - SCOPUS:84910125196

T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

SP - 475

EP - 488

BT - IMC 2014 - Proceedings of the 2014 ACM

PB - Association for Computing Machinery

T2 - 2014 ACM Internet Measurement Conference, IMC 2014

Y2 - 5 November 2014 through 7 November 2014

ER -

The matter of heartbleed

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this