Sök i LIBRIS databas

  Utökad sökning


Sökning: onr:"swepub:oai:DiVA.org:fhs-5011" > Determining the Uti...

Determining the Utility of Cyber Vulnerability Implantation : The Heartbleed Bug as a Cyber Operation

Sigholm, Johan, (författare)
Försvarshögskolan, Militärtekniska avdelningen (MTA)
Larsson, Emil, (författare)
Svenska Dagbladet, Stockholm, Sweden
Försvarshögskolan Militärvetenskapliga institutionen (MVI). Militärtekniska avdelningen (MTA). (creator_code:org_t)
Serie: MILCOM IEEE Military Communications Conference, 2155-7578 ; 6-8 Oct. 2014
Ingår i: Military Communications Conference (MILCOM), 2014 IEEE. - IEEE conference proceedings. ; s. 110-116
  • Konferensbidrag (refereegranskat)
Abstract Ämnesord
  • Flaws in computer software or hardware that are as yet unknown to the public, known as zero-day vulnerabilities, are an increasingly sought-after resource by actors conducting cyber operations. While the objective pursued is commonly defensive, as in protecting own systems and networks, cyber operations may also involve exploiting identified vulnerabilities for intelligence collection or to produce military effects. The weapon zing and stockpiling of such vulnerabilities by various actors, or even the intentional implantation into cyberspace infrastructure, is a trend that currently resembles an arms race. An open question is how to measure the utility that access to these exploitable vulnerabilities provides for military purposes, and how to contrast and compare this to the possible adverse societal consequences that withholding disclosure of them may result in, such as loss of privacy or impeded freedom of the press. This paper presents a case study focusing on the Heart bleed bug, used as a tool in an offensive cyber operation. We introduce a model to estimate the adoption rate of an implanted flaw in Open SSL, derived by fitting collected real-world data. Our calculations show that reaching a global adoption of at least 50 % would take approximately three years from the time of release, given that the vulnerability remains undiscovered, while surpassing 75 % adoption would take an estimated four years. The paper concludes that while exploiting zero-day vulnerabilities may indeed be of significant military utility, such operations take time. They may also incur non-negligible risks of collateral damage and other societal costs.


TEKNIK OCH TEKNOLOGIER  -- Maskinteknik -- Rymd- och flygteknik (hsv//swe)
ENGINEERING AND TECHNOLOGY  -- Mechanical Engineering -- Aerospace Engineering (hsv//eng)


Military Technology

Publikations- och innehållstyp

kon (ämneskategori)
ref (ämneskategori)

Till lärosätets databas

Hitta mer i SwePub

Av författaren/redakt...
Sigholm, Johan
Larsson, Emil
Om ämnet
och Maskinteknik
och Rymd och flygtek ...
Delar i serien
Artiklar i publikationen
Av lärosätet

Sök utanför SwePub

pil uppåt Stäng

Kopiera och spara länken för att återkomma till aktuell vy