Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard-cite-them-right
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Determining the Utility of Cyber Vulnerability Implantation: The Heartbleed Bug as a Cyber Operation
Försvarshögskolan, Militärvetenskapliga institutionen (MVI), Militärtekniska avdelningen (MTA).ORCID-id: 0000-0002-4376-9800
Svenska Dagbladet, Stockholm, Sweden.
2014 (engelsk)Inngår i: Military Communications Conference (MILCOM), 2014 IEEE, IEEE conference proceedings, 2014, s. 110-116Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Flaws in computer software or hardware that are as yet unknown to the public, known as zero-day vulnerabilities, are an increasingly sought-after resource by actors conducting cyber operations. While the objective pursued is commonly defensive, as in protecting own systems and networks, cyber operations may also involve exploiting identified vulnerabilities for intelligence collection or to produce military effects. The weapon zing and stockpiling of such vulnerabilities by various actors, or even the intentional implantation into cyberspace infrastructure, is a trend that currently resembles an arms race. An open question is how to measure the utility that access to these exploitable vulnerabilities provides for military purposes, and how to contrast and compare this to the possible adverse societal consequences that withholding disclosure of them may result in, such as loss of privacy or impeded freedom of the press. This paper presents a case study focusing on the Heart bleed bug, used as a tool in an offensive cyber operation. We introduce a model to estimate the adoption rate of an implanted flaw in Open SSL, derived by fitting collected real-world data. Our calculations show that reaching a global adoption of at least 50 % would take approximately three years from the time of release, given that the vulnerability remains undiscovered, while surpassing 75 % adoption would take an estimated four years. The paper concludes that while exploiting zero-day vulnerabilities may indeed be of significant military utility, such operations take time. They may also incur non-negligible risks of collateral damage and other societal costs.

sted, utgiver, år, opplag, sider
IEEE conference proceedings, 2014. s. 110-116
Serie
MILCOM IEEE Military Communications Conference, ISSN 2155-7578 ; 6-8 Oct. 2014
HSV kategori
Forskningsprogram
Försvarssystem
Identifikatorer
URN: urn:nbn:se:fhs:diva-5011DOI: 10.1109/MILCOM.2014.25OAI: oai:DiVA.org:fhs-5011DiVA, id: diva2:766613
Konferanse
Military Communications Conference (MILCOM), 2014 IEEE, Baltimore, MD, USA, 6-8 October 2014
Tilgjengelig fra: 2014-11-27 Laget: 2014-11-27 Sist oppdatert: 2019-08-26bibliografisk kontrollert

Open Access i DiVA

Fulltekst mangler i DiVA

Andre lenker

Forlagets fulltekst

Personposter BETA

Sigholm, Johan

Søk i DiVA

Av forfatter/redaktør
Sigholm, Johan
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric

doi
urn-nbn
Totalt: 240 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard-cite-them-right
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf