Blood in the Water

Clark, Sandy; Blaze, Matt; Smith, Jonathan

doi:10.1007/978-3-662-45921-8_4

Blood in the Water

Are there Honeymoon Effects Outside Software?

Sandy Clark¹⁶,
Matt Blaze¹⁶ &
Jonathan Smith¹⁶

Conference paper

400 Accesses
2 Citations

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7061))

Abstract

In a previous paper at this workshop (and in a forthcoming full paper), we observed that software systems enjoy a security “honeymoon period” in the early stages of their life-cycles. Attackers take considerably longer to make their first discoveries of exploitable flaws in software systems than they do to discover flaws as systems mature. This is true even though the first flaws, presumably, actually represent the easiest bugs to find and even though the more mature systems tend to be more intrinsically robust.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

August, G.L.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters 56, 131–133 (1995)
Article Google Scholar
Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)
Chapter Google Scholar
Kortchinsky, K.: Cloudburst: A VMware guest to host escape story. In: BlackHat (2009), http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf
Lowe, G.: Some new attacks upon security protocols. In: Proceedings of the 9th IEEE Computer Security Foundations Workshop, pp. 162–169. IEEE Computer Society Press (1996)
Google Scholar
Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)
Chapter Google Scholar
Syverson, P.: A taxonomy of replay attacks. In: Proceedings of the 7th IEEE Computer Security Foundations Workshop, pp. 187–191. IEEE Computer Society Press (1994)
Google Scholar
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Chapter Google Scholar
Wang, X., Yu, H.: How to break md5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

University of Pennsylvania, USA
Sandy Clark, Matt Blaze & Jonathan Smith

Authors

Sandy Clark
View author publications
You can also search for this author in PubMed Google Scholar
Matt Blaze
View author publications
You can also search for this author in PubMed Google Scholar
Jonathan Smith
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

University of Hertfordshire, AL10 9AB, Hatfield, Hertfordshire, UK
Bruce Christianson & James Malcolm &

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Clark, S., Blaze, M., Smith, J. (2014). Blood in the Water. In: Christianson, B., Malcolm, J. (eds) Security Protocols XVIII. Security Protocols 2010. Lecture Notes in Computer Science, vol 7061. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45921-8_4

Download citation

DOI: https://doi.org/10.1007/978-3-662-45921-8_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45920-1
Online ISBN: 978-3-662-45921-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics