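; Hand this in to: tdumitra@umiacs.umd.edu
; NOTE(review): the at-sign in the address above sits outside any entry. Some
; BibTeX parsers try to read an at-sign in free text as the start of an entry
; and report an error. Confirm that your toolchain tolerates it.

; Reading-report template. Each required-reading entry below carries, after its
; bibliographic fields, a set of empty report fields (studentfirstname,
; studentlastname, summary, contribution1-5, weakness1-5, interesting, opinions).
; Presumably the student fills these in and replaces "high/med/low" with one of
; the three values. Standard bibliography styles ignore field names they do not
; know, so the report fields should not affect a rendered reference list.

; Required Readings

; Measurement study of Windows Update traffic and of alternative patch delivery
; strategies (caching, peer-to-peer). The page range uses a double hyphen.
@inproceedings{Windows_Update,
  Abstract = {Fast and effective distribution of software updates (a.k.a. patches) to millions of Internet users has evolved into a critical task over the last years. In this paper, we characterize Windows Update, one of the largest update services in the world, with the aim to draw general guidelines on how to best design and architect a fast and effective planet-scale patch dissemination system. To this end, we analyze an extensive set of data traces collected over the period of a year, consisting of billions of queries from over 300 million computers. Based on empirical observations and analytical results, we identify interesting properties of today's update traffic and user behavior. Building on this analysis, we consider alternative patch delivery strategies such as caching and peer-to-peer and evaluate their performance. We identify key factors that determine the effectiveness of these schemes in reducing the server workload and the network traffic, and in speeding-up the patch delivery.
Most of our findings are invariant properties induced by either user behavior or architectural characteristics of today's Internet, and thus apply to the general problem of Internet-wide dissemination of software updates.},
  Author = {Christos Gkantsidis and Thomas Karagiannis and Pablo Rodriguez and Milan Vojnovic},
  Bibsource = {DBLP, http://dblp.uni-trier.de},
  Booktitle = {SIGCOMM},
  Crossref = {DBLP:conf/sigcomm/2006},
  Pages = {423--434},
  Title = {Planet scale software updates},
  Year = {2006},
  studentfirstname = "",
  studentlastname = "",
  summary = "",
  contribution1 = "",
  contribution2 = "",
  contribution3 = "",
  contribution4 = "",
  contribution5 = "",
  weakness1 = "",
  weakness2 = "",
  weakness3 = "",
  weakness4 = "",
  weakness5 = "",
  interesting = "high/med/low",
  opinions = "",
}

; Measurement study of how operators responded to the 2008 Debian OpenSSL
; predictable-key vulnerability. "Debian" and "OpenSSL" are brace-protected in
; the title so that styles which sentence-case titles keep their capitalisation.
@inproceedings{OpenSSL,
  Abstract = {We report on the aftermath of the discovery of a severe vulnerability in the Debian Linux version of OpenSSL. Systems affected by the bug generated predictable random numbers, most importantly public/private keypairs. To study user response to this vulnerability, we collected a novel dataset of daily remote scans of over 50,000 SSL/TLS-enabled Web servers, of which 751 displayed vulnerable certificates. We report three primary results. First, as expected from previous work, we find an extremely slow rate of fixing, with 30% of the hosts vulnerable when we began our survey on day 4 after disclosure still vulnerable almost six months later. However, unlike conventional vulnerabilities, which typically show a short, fast fixing phase, we observe a much flatter curve with fixing extending six months after the announcement. Second, we identify some predictive factors for the rate of upgrading.
Third, we find that certificate authorities continued to issue certificates to servers with weak keys long after the vulnerability was disclosed.},
  Author = {Scott Yilek and Eric Rescorla and Hovav Shacham and Brandon Enright and Stefan Savage},
  Bibsource = {DBLP, http://dblp.uni-trier.de},
  Booktitle = {Internet Measurement Conference},
  Crossref = {DBLP:conf/imc/2009},
  Pages = {15--27},
  Title = {When private keys are public: results from the 2008 {Debian} {OpenSSL} vulnerability},
  Year = {2009},
  studentfirstname = "",
  studentlastname = "",
  summary = "",
  contribution1 = "",
  contribution2 = "",
  contribution3 = "",
  contribution4 = "",
  contribution5 = "",
  weakness1 = "",
  weakness2 = "",
  weakness3 = "",
  weakness4 = "",
  weakness5 = "",
  interesting = "high/med/low",
  opinions = "",
}

; BibTex cross-references (don't add anything here)
; The two proceedings entries below are the Crossref targets of the readings
; above. Classic BibTeX requires a cross-referenced parent to appear after every
; entry that refers to it, so keep them at the end of the file.
@proceedings{DBLP:conf/imc/2009,
  Bibsource = {DBLP, http://dblp.uni-trier.de},
  Booktitle = {Internet Measurement Conference},
  Editor = {Anja Feldmann and Laurent Mathy},
  Isbn = {978-1-60558-771-4},
  Publisher = {ACM},
  Title = {Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement 2009, Chicago, Illinois, USA, November 4-6, 2009},
  Year = {2009}
}

@proceedings{DBLP:conf/sigcomm/2006,
  Bibsource = {DBLP, http://dblp.uni-trier.de},
  Booktitle = {SIGCOMM},
  Editor = {Luigi Rizzo and Thomas E. Anderson and Nick McKeown},
  Isbn = {1-59593-308-5},
  Publisher = {ACM},
  Title = {Proceedings of the ACM SIGCOMM 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Pisa, Italy, September 11-15, 2006},
  Year = {2006}
}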