Abstract / Description of output
0-day brokers are market makers who serve both adversaries seeking to exploit computer systems and researchers who develop the means to do so. This involves searching for buyers and sellers, negotiating prices and contracts, and monitoring the contract. In this paper we characterise the search aspect of 0-day broking. We extracted longitudinal data on two brokers who list prices on a public website and then plotted how the price of different types of exploit and targeted systems changed over time. As the data is not updated regularly or frequently enough to build a time-series model, we conducted a regression analysis of the most recent snapshot of prices. The results suggest that properties of the exploit (e.g. the functionality it achieves) provide the most explanatory power, and that the system targeted by the exploit provides less. We compare exploit prices to three metrics (number of CVEs, detected 0-days, and user base) over time. Finally, we discuss what inferences we can make about systems security and the operations of adversaries, hypothesising a trade-off between secrecy and the competitiveness of the supply side. 0-day brokers who publicly advertise prices offer cheap exploits but little secrecy.
| Original language | English |
|---|---|
| Number of pages | 25 |
| Publication status | Published - 22 Jun 2022 |
| Event | The 21st Workshop on the Economics of Information Security, Tulsa, United States. Duration: 21 Jun 2022 → 22 Jun 2022. Conference number: 21. https://weis2022.econinfosec.org/ |
Workshop
| Workshop | The 21st Workshop on the Economics of Information Security |
|---|---|
| Abbreviated title | WEIS 2022 |
| Country/Territory | United States |
| City | Tulsa |
| Period | 21/06/22 → 22/06/22 |
| Internet address | https://weis2022.econinfosec.org/ |