论文信息 - The Matter of Heartbleed

The Matter of Heartbleed

The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to remotely read protected memory from an estimated 24--55% of popular HTTPS sites. In this work, we perform a comprehensive, measurement-based analysis of the vulnerability's impact, including (1) tracking the vulnerable population, (2) monitoring patching behavior over time, (3) assessing the impact on the HTTPS certificate ecosystem, and (4) exposing real attacks that attempted to exploit the bug. Furthermore, we conduct a large-scale vulnerability notification experiment involving 150,000 hosts and observe a nearly 50% increase in patching by notified hosts. Drawing upon these analyses, we discuss what went well and what went poorly, in an effort to understand how the technical community can respond more effectively to such events in the future.

[1] Vern Paxson,et al. Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[2] Hovav Shacham,et al. When private keys are public: results from the 2008 Debian OpenSSL vulnerability , 2009, IMC '09.

[3] Robin Sommer,et al. Extracting Certificates from Live Traffic : A Near Real Time SSL Notary Service , 2012 .

[4] Michael Tüxen,et al. Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension , 2012, RFC.

[5] J. Alex Halderman,et al. Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[6] Eric Wustrow,et al. ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.