TY - GEN
T1 - Keepers of the machines
T2 - 15th Symposium on Usable Privacy and Security, SOUPS 2019
AU - Li, Frank
AU - Rogers, Lisa
AU - Mathur, Arunesh
AU - Malkin, Nathan
AU - Chetty, Marshini
N1 - Publisher Copyright:
© is held by the author/owner.
PY - 2019
Y1 - 2019
N2 - Keeping machines updated is crucial for maintaining system security. While recent studies have investigated the software updating practices of end users, system administrators have received less attention. Yet, system administrators manage numerous machines for their organizations, and security lapses at these hosts can lead to damaging attacks. To improve security at scale, we therefore also need to understand how this specific population behaves and how to help administrators keep machines up-to-date. In this paper, we study how system administrators manage software updates. We surveyed 102 administrators and interviewed 17 in-depth to understand their processes and how their methods impact updating effectiveness. We find that system administrators proceed through software updates through five main stages that, while similar to those of end users, involve significantly different considerations and actions performed, highlighting the value of focusing specifically on the administrator population. By gathering evidence on how administrators conduct updates, we identify challenges that they encountered and limitations of existing procedures at all stages of the updating process. We observe issues with comprehensively acquiring meaningful information about available updates, effectively testing and deploying updates in a timely manner, recovering from update-induced problems, and interacting with organizational and management influences. Moving forward, we propose directions for future research and community actions that may help system administrators perform updates more effectively.
UR - http://www.scopus.com/inward/record.url?scp=85075947810&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075947810&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85075947810
T3 - Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019
SP - 273
EP - 288
BT - Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019
PB - USENIX Association
Y2 - 12 August 2019 through 13 August 2019
ER -