Keepers of the machines: Examining how system administrators manage software updates

Frank Li, Lisa Rogers, Arunesh Mathur, Nathan Malkin, Marshini Chetty

Research output: Chapter in Book/Report/Conference proceedingConference contribution

31 Scopus citations

Abstract

Keeping machines updated is crucial for maintaining system security. While recent studies have investigated the software updating practices of end users, system administrators have received less attention. Yet, system administrators manage numerous machines for their organizations, and security lapses at these hosts can lead to damaging attacks. To improve security at scale, we therefore also need to understand how this specific population behaves and how to help administrators keep machines up-to-date. In this paper, we study how system administrators manage software updates. We surveyed 102 administrators and interviewed 17 in-depth to understand their processes and how their methods impact updating effectiveness. We find that system administrators proceed through software updates through five main stages that, while similar to those of end users, involve significantly different considerations and actions performed, highlighting the value of focusing specifically on the administrator population. By gathering evidence on how administrators conduct updates, we identify challenges that they encountered and limitations of existing procedures at all stages of the updating process. We observe issues with comprehensively acquiring meaningful information about available updates, effectively testing and deploying updates in a timely manner, recovering from update-induced problems, and interacting with organizational and management influences. Moving forward, we propose directions for future research and community actions that may help system administrators perform updates more effectively.

Original languageEnglish (US)
Title of host publicationProceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019
PublisherUSENIX Association
Pages273-288
Number of pages16
ISBN (Electronic)9781939133052
StatePublished - 2019
Externally publishedYes
Event15th Symposium on Usable Privacy and Security, SOUPS 2019 - Santa Clara, United States
Duration: Aug 12 2019Aug 13 2019

Publication series

NameProceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019

Conference

Conference15th Symposium on Usable Privacy and Security, SOUPS 2019
Country/TerritoryUnited States
CitySanta Clara
Period8/12/198/13/19

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Keepers of the machines: Examining how system administrators manage software updates'. Together they form a unique fingerprint.

Cite this