Papers by Stefan Frei
New Publication
- Understanding the Web browser threat, 2008
Examination of vulnerable online Web browser populations and the "insecurity iceberg".
Author(s): Stefan Frei [ETH], Thomas Dübendorfer [Google], Gunter Ollmann [IBM ISS], Martin May [ETH]
Published: DefCon 16 2008, 10-Aug-2008 Las Vegas, USA,
ETH Tech Report 288, 01-Jul-2008
[ Paper | HTML | slides | video | bibtex | media coverage ]
Past Publications
- Putting private and government CERT’s to the test, 2008
In an independent research project at ETH Zurich, we monitored the world’s top security advisory providers for more than 18 months. Due to a short 30-minute monitoring interval, we discovered significant differences in quality, quantity, and timeliness.
Author(s): Stefan Frei [ETH], Martin May [ETH]
Published: FIRST Annual Conference 2008, 27-Jun-2008 Vancouver, Canada
[ Paper | slides | bibtex ]
- 0-Day Patch - Exposing Vendors (In)security Performance, 2008
We introduce the 0-day patch rate as a new metric to measure and compare the performance of the vulnerability handling and patch development processes of major software vendors. We use this metric to analyze Microsoft and Apple.
Author(s): Stefan Frei, Bernhard Tellenbach, Bernhard Plattner
Published: BlackHat 2008 Europe, 27-Mar-2008 Amsterdam NL
[ Paper | HTML | slides | video | bibtex | media coverage ]
- Large-Scale Vulnerability Analysis, 2006
We quantify the gap between exploit and patch availability for known vulnerabilities since 2000 and provide an analytical representation of our data which lays the foundation for further analysis and risk management.
Author(s): Stefan Frei, Martin May, Ulrich Fiedler, Bernhard Plattner
Published: ACM SIGCOMM 2006 Workshop, 11-Sep-2006 Pisa, Italy
[ Paper | bibtex ]
- The Speed of (In)Security, 2006
In-depth analysis of the speed of security vs. the speed of insecurity.
Author(s): Stefan Frei, Martin May
Published: BlackHat 2006 USA, 03-Aug-2006 Las Vegas, USA
[ Paper | bibtex ]
- Technology Speed of Civil Jet Engines, 2006
The speed of technology innovation of civil jet engines is investigated. A technology measure based on airplane efficiency is derived and applied to jet airlines of different sizes and time periods, ranging back to the 1960s.
Author(s): Stefan Frei, Urban Mäder
Case study at MTEC, 2006
[ Paper ]
- Mail DDoS Attacks through Non Delivery Messages, 2004
Analysis and empirical study of how mail non-delivery notification processes can be exploited to launch denial of service attacks.
Author(s): Stefan Frei, Gunter Ollmann, Ivo Silvestri
Covered by: NewScientist, TheRegister, Heise Security
Published: FullDisclosure, 05-Apr-2004
[ Paper | HTML | bibtex ]