From Paranoia to Compliance: The Bumpy Road of System Hardening Practices on Stack Exchange

• URL: http://arxiv.org/abs/2507.13028v1
• Date: Thu, 17 Jul 2025 11:57:11 GMT
• Title: From Paranoia to Compliance: The Bumpy Road of System Hardening Practices on Stack Exchange
• Authors: Niklas Busch, Philip Klostermeyer, Jan H. Klemmer, Yasemin Acar, Sascha Fahl,
• Abstract summary: Many computer systems and applications remain insecure.<n>Access control and deployment-related issues are the most challenging.<n>System operators suffer from misconceptions and unrealistic expectations.
• Score: 19.173563392743773
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Hardening computer systems against cyberattacks is crucial for security. However, past incidents illustrated, that many system operators struggle with effective system hardening. Hence, many computer systems and applications remain insecure. So far, the research community lacks an in-depth understanding of system operators motivation, practices, and challenges around system hardening. With a focus on practices and challenges, we qualitatively analyzed 316 Stack Exchange (SE) posts related to system hardening. We find that access control and deployment-related issues are the most challenging, and system operators suffer from misconceptions and unrealistic expectations. Most frequently, posts focused on operating systems and server applications. System operators were driven by the fear of their systems getting attacked or by compliance reasons. Finally, we discuss our research questions, make recommendations for future system hardening, and illustrate the implications of our work.

Related papers

• A Survey of Fuzzing Open-Source Operating Systems [11.770015366564774]
  Vulnerabilities in open-source operating systems pose substantial security risks.<n> fuzzing (OSF) faces unique challenges due to OS complexity and multi-layered interaction.<n>This work systematically surveys the state-of-the-art OSF techniques.
  arXiv  Detail & Related papers  (2025-02-17T02:53:02Z)
• New Security Challenges Towards In-Sensor Computing Systems [0.13812010983144798]
  In-Sensor Computing (ISC) systems emerge as a promising alternative to save energy on massive data transmission, analog-to-digital conversion, and ineffective processing.<n>This work compares the security challenges of traditional sensor-involved computing systems and emerging ISC systems.<n>New attack scenarios are predicted for board-, chip-, and device-level ISC systems.
  arXiv  Detail & Related papers  (2025-02-07T16:09:47Z)
• After the Breach: Incident Response within Enterprises [0.0]
  We present a survey of systems that perform automated attack investigation. We discuss the challenges faced by these systems, and present a comparison in terms of their effectiveness, practicality, and ability to address these challenges.
  arXiv  Detail & Related papers  (2024-04-30T18:00:00Z)
• Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
  Safety assurance cases (SACs) can be challenging to maintain during system evolution. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
  arXiv  Detail & Related papers  (2023-07-14T16:03:27Z)
• Interactive System-wise Anomaly Detection [66.3766756452743]
  Anomaly detection plays a fundamental role in various applications. It is challenging for existing methods to handle the scenarios where the instances are systems whose characteristics are not readily observed as data. We develop an end-to-end approach which includes an encoder-decoder module that learns system embeddings.
  arXiv  Detail & Related papers  (2023-04-21T02:20:24Z)
• Inspect, Understand, Overcome: A Survey of Practical Methods for AI Safety [54.478842696269304]
  The use of deep neural networks (DNNs) in safety-critical applications is challenging due to numerous model-inherent shortcomings. In recent years, a zoo of state-of-the-art techniques aiming to address these safety concerns has emerged. Our paper addresses both machine learning experts and safety engineers.
  arXiv  Detail & Related papers  (2021-04-29T09:54:54Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• A game-theoretic analysis of networked system control for common-pool resource management using multi-agent reinforcement learning [54.55119659523629]
  Multi-agent reinforcement learning has recently shown great promise as an approach to networked system control. Common-pool resources include arable land, fresh water, wetlands, wildlife, fish stock, forests and the atmosphere.
  arXiv  Detail & Related papers  (2020-10-15T14:12:26Z)
• On the Social and Technical Challenges of Web Search Autosuggestion Moderation [118.47867428272878]
  Autosuggestions are typically generated by machine learning (ML) systems trained on a corpus of search logs and document representations. While current search engines have become increasingly proficient at suppressing such problematic suggestions, there are still persistent issues that remain. We discuss several dimensions of problematic suggestions, difficult issues along the pipeline, and why our discussion applies to the increasing number of applications beyond web search.
  arXiv  Detail & Related papers  (2020-07-09T19:22:00Z)
• A systematic review and taxonomy of explanations in decision support and recommender systems [13.224071661974596]
  We systematically review the literature on explanations in advice-giving systems. We derive a novel comprehensive taxonomy of aspects to be considered when designing explanation facilities.
  arXiv  Detail & Related papers  (2020-06-15T18:19:20Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.