On the Privacy of Peer-Assisted Distribution of Security Patches

Download Now Date Added: Jun 2010
Format: PDF

When a host discovers that it has a software vulnerability that is susceptible to an attack, the host needs to obtain and install a patch. Because centralized distribution of patches may not scale well, Peer-To-Peer (P2P) approaches have recently been suggested. There is, however, a serious privacy problem with peer-assisted patch distribution: when a peer A requests a patch from another peer B, it announces to B its vulnerability, which B can exploit instead of providing the patch. Through analytical modeling and simulation, the authors show how that a large majority of vulnerable hosts will typically become compromised with a basic design for peer-assisted patch distribution.