Research Papers & Reports

Repository of my academic and industry publications.



2004 to 2016


Authors and coauthors 2004 to 2016:

Alexander Saichev (1), Bernhard Plattner (4), Bernhard Tellenbach (1), Brian Birkvald (1), Brian Trammel (1), Didier Sornette (1), Dominik Schatzmann (1), Francisco Artes (2), Gunter Ollmann (2), Ivo Silvestri (1), Jonathan Smith (1), Martin May (3), Matt Blaze (1), Sandy Clark (1), Stefan Frei (28), Thomas Duebendorfer (4), Thomas Kristensen (1), Thomas Maillart (1), Ulrich Fiedler (1), Urban Mäder (1)


Cyber Threats in Aviation - Any Lessons from other Industries Experience with Cyber?

Stefan Frei
This talk first addresses the peculiarities of the cyber security field and what the software industry had to painfully learn in the past decades in order to adapt to these new threats. To understand the cyber landscape and how it affects aviation we classify threat actors and explain global developments ..

April 21, 2016, Stefan Frei

Cyber Threats in Aviation - Any Lessons from other Industries Experience with Cyber?

Stefan Frei
With the rise of the internet and the increasing dependence of our society and economy on communication technologies, cyber security has become a critical issue for all types of businesses. In just two decades, various industries were confronted with fundamentally new types of threats, threat actors and ..

September 7, 2015, Stefan Frei

Cyber Security: die aktuelle Bedrohungslage und ihre Entwicklung [Cyber security: the current threat situation and its development]

Stefan Frei
In this report, we examine the current cyber threat situation from the perspective of Swisscom and Switzerland and, as a leading Swiss ICT company, give an assessment of the developments for the coming 12 to 24 months.

September 1, 2015, Swisscom

Cyber security: the current threat status and its development

Stefan Frei
This report sheds light on the current status of cyber threats from the perspective of Swisscom and of Switzerland as a whole. As a leading Swiss ICT provider, we bring to you an evaluation of the developments forecast for the coming 12 to 24 months.

September 1, 2015, Swisscom

Cybersécurité: les menaces actuelles et leur évolution [Cyber security: current threats and their evolution]

Stefan Frei
In this report, we shed light on the current cyber threat situation from the perspective of Swisscom and Switzerland and, as a leading company in the Swiss ICT market, give an estimate of the developments expected over the next 12 to 24 months.

September 1, 2015, Swisscom

Cyber Security: minacce attuali e relativa evoluzione [Cyber security: current threats and their evolution]

Stefan Frei
In this report we present the current cyber threat situation from the perspective of Swisscom and Switzerland and, as the leading Swiss ICT company, provide an estimate of their evolution over the next 1-2 years.

September 1, 2015, Swisscom

Cyber Crime Threat Intelligence - Turkey

Stefan Frei
This paper explains how cyber criminals operate botnets and compromise victims at large scale, and informs organizations how to best utilize cyber threat intelligence to protect their business and deal with infected customers. In today's threat environment, security is as much about prevention as it is ..

August 24, 2014, CSIS

Why Your Data Breach is My Problem

Stefan Frei
Every data breach, regardless of its source, allows cyber criminals to refine current data, correlate it with new data, and create profiles that can identify millions of users – with severe consequences for their victims. Data that has been lost cannot be taken back - information such as social security ..

March 25, 2014

International Vulnerability Purchase Program (IVPP)

Stefan Frei, Francisco Artes
The global economy increasingly has come to rely on information systems, and yet society remains in the early phases of adapting to the related opportunities and threats. Security depends largely on ethical researchers reporting vulnerabilities under the practices of coordinated disclosure. Meanwhile, ..

December 17, 2013

The Known Unknowns in Cyber Security

Stefan Frei
Recently, there has been increased interest in the way in which security vulnerability information is managed and traded. Vulnerabilities that are known only to privileged closed groups, such as cyber criminals, brokers, and governments, pose a real and present risk to all who use the affected software. ..

December 5, 2013

Correlation Of Detection Failures

Stefan Frei
A comparison of the block performances of multiple protection technologies reveals a significant correlation of failures to detect exploits. The number of exploits that were able to bypass layers of security is significantly higher than is the prediction for risk models ignoring correlation. This not ..

May 23, 2013

Vulnerability Threat Trends

Stefan Frei
After the close of 2012, NSS Labs performed a comprehensive analysis of vulnerability data to identify industry-wide threats and trends covering the last 10 years. Despite massive security investments of the software industry, vulnerability disclosures have risen considerably in 2012. Several additional ..

February 4, 2013

Cybercrime Kill Chain vs. Effectiveness of Defense Layers

Stefan Frei, Francisco Artes
This talk examines the attackers' kill chain and the measured effectiveness of typical defense technologies such as Next Generation Firewalls, Intrusion Prevention Systems (IPS), Antivirus/Malware Detection, and browsers' internal protection. Empirical data on the effectiveness of security products derived ..

December, 2012, BlackHat Abu Dhabi

Cybercriminals do not need administrative users

Stefan Frei
This paper discusses the limitations of security by denying users administrative access to their systems, and highlights how cybercriminals can achieve their goals without administrative access.

August, 2011, Secunia

How to Secure a Moving Target with Limited Resources

Stefan Frei, Brian Birkvald
This white paper outlines the limitations of traditional defence mechanisms; specifically how cybercriminals have refined the malware manufacturing and development process to systematically bypass them – thereby initiating an arms race with defenders. Security patches are found to be a primary and effective ..

July, 2011, Secunia

Familiarity Breeds Contempt: The Honeymoon Effect and The Role of Legacy Code in Zero-Day Vulnerabilities

Sandy Clark, Stefan Frei, Matt Blaze, Jonathan Smith
Our analysis of software vulnerability data, including up to a decade of data for several versions of the most popular operating systems, server applications and user applications (both open and closed source), shows that properties extrinsic to the software play a much greater role in the rate of vulnerability ..

December 6, 2010, ACSAC 2010

Quantification of deviations from rationality with heavy-tails in human dynamics

Thomas Maillart, Didier Sornette, Stefan Frei, Thomas Duebendorfer, Alexander Saichev
The dynamics of technological, economic and social phenomena is controlled by how humans organize their daily tasks in response to both endogenous and exogenous stimulations. The general validity of the power law and the nature of other regimes remain unsettled. Using anonymized data collected by Google ..

July 23, 2010, arXiv

The Security Exposure Of Software Portfolios

Stefan Frei, Thomas Kristensen
In this paper, we examine the software portfolio of the average user based on empirical data from over two million users frequently scanning their systems with Secunia's Personal Software Inspector (PSI). We demonstrate that the complexity and frequency of the actions required to keep a typical end-user ..

March 1, 2010, RSA

Modelling the Security Ecosystem - The Dynamics of (In)Security

Stefan Frei, Dominik Schatzmann, Bernhard Plattner, Brian Trammel
In this paper we provide a metric for the success of the "responsible disclosure" process. We measure the prevalence of the commercial markets for vulnerability information and highlight the role of security information providers (SIP), which function as the "free press" of the ecosystem.

June 24, 2009, Workshop on the Economics of Information Security (WEIS)

Why Silent Updates Boost Security

Thomas Duebendorfer, Stefan Frei
In this paper we analyze the effectiveness of different Web browsers' update mechanisms, from Google Chrome's silent update mechanism to Opera's update requiring a full re-installation.

May 5, 2009, CRITIS 2009 Critical Infrastructures Security Workshop

Security Econometrics - The Dynamics of (In)Security

Stefan Frei
In this thesis I examine the security ecosystem, consolidating many aspects of security that have hitherto been discussed only separately. I analyze the paths vulnerability data take through the ecosystem, and the impact of each of these on security risk based on a quantitative analysis of 30,000 vulnerabilities ..

January, 2009, ETH Zurich

Firefox (In)Security Update Dynamics Exposed

Stefan Frei, Thomas Duebendorfer, Bernhard Plattner
Although there is an increasing trend for attacks against popular Web browsers, only little is known about the actual patch level of daily used Web browsers on a global scale. We conjecture that users in large part do not actually patch their Web browsers based on recommendations, perceived threats, ..

January, 2009, ACM SIGCOMM

Understanding The Web Browser Threat

Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May
If you were to "hack the planet" how many hosts do you think you could compromise through a single vulnerable application technology? A million? A hundred-million? A billion? What kind of application is so ubiquitous that it would enable someone to launch a planet-wide attack? - why, the Web browser ..

August 10, 2008, DEFCON 16

Putting Private And Government CERT’s To The Test

Stefan Frei, Martin May
In an independent research project at ETH Zurich, we monitored for more than 18 months the world’s top security advisory providers. Due to a short 30-minute monitoring interval, we discovered significant differences in quality, quantity, and timeliness.

June 28, 2008, FIRST Conference, Vancouver, 2008

0-Day Patch - Exposing Vendors (In)security Performance

Stefan Frei, Bernhard Tellenbach, Bernhard Plattner
We introduce the 0-day patch rate as a new metric to measure and compare the performance of the vulnerability handling and patch development processes of major software vendors. We use this metric to analyze the performance of Microsoft and Apple over the past six years.

March 27, 2008, BLACKHAT Europe 2008

Large-Scale Vulnerability Analysis

Stefan Frei, Martin May, Ulrich Fiedler, Bernhard Plattner
We quantify the gap between exploit and patch availability for known vulnerabilities since 2000 and provide an analytical representation of our data which lays the foundation for further analysis and risk management.

September 11, 2006, ACM SIGCOMM 2006 Workshop

Technology Speed of Civil Jet Engines

Stefan Frei, Urban Mäder
The speed of technology innovation of civil jet engines is investigated. A technology measure based on airplane efficiency is derived and applied to jet airlines of different sizes and time periods, ranging back to the 1960's.

June 6, 2006, MTEC Case Study

Mail DDoS Attacks through Non Delivery Messages

Stefan Frei, Gunter Ollmann, Ivo Silvestri
Analysis and empirical study of how mail non-delivery notification processes can be exploited to launch denial of service attacks.

April 5, 2004, Full Disclosure


© 2000-2017 Stefan Frei
techzoom.net