Keepers of the Machines: Examining How System Administrators Manage Software Updates For Multiple Machines


Frank Li, University of California, Berkeley; Lisa Rogers, University of Maryland; Arunesh Mathur, Princeton University; Nathan Malkin, University of California, Berkeley; Marshini Chetty, Princeton University

Awarded Distinguished Paper!


Keeping machines updated is crucial for maintaining system security. While recent studies have investigated the software updating practices of end users, system administrators have received less attention. Yet, system administrators manage numerous machines for their organizations, and security lapses at these hosts can lead to damaging attacks. To improve security at scale, we therefore also need to understand how this specific population behaves and how to help administrators keep machines up-to-date.

In this paper, we study how system administrators manage software updates. We surveyed 102 administrators and interviewed 17 in-depth to understand their processes and how their methods impact updating effectiveness. We find that system administrators proceed through software updates through five main stages that, while similar to those of end users, involve significantly different considerations and actions performed, highlighting the value of focusing specifically on the administrator population. By gathering evidence on how administrators conduct updates, we identify challenges that they encountered and limitations of existing procedures at all stages of the updating process. We observe issues with comprehensively acquiring meaningful information about available updates, effectively testing and deploying updates in a timely manner, recovering from update-induced problems, and interacting with organizational and management influences. Moving forward, we propose directions for future research and community actions that may help system administrators perform updates more effectively.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {238331,
author = {Frank Li and Lisa Rogers and Arunesh Mathur and Nathan Malkin and Marshini Chetty},
title = {Keepers of the Machines: Examining How System Administrators Manage Software Updates For Multiple Machines},
booktitle = {Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)},
year = {2019},
isbn = {978-1-939133-05-2},
address = {Santa Clara, CA},
pages = {273--288},
url = {},
publisher = {USENIX Association},
month = aug

Presentation Video