Modeling and evaluating the security threats of transient errors in firewall software
نویسندگان
چکیده
This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations on two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: to conduct extensive error injection experiments on the Linux kernel and to quantify the possibility of error-caused security violations using a Stochastic Activity Network (SAN) model. The error injection experiments show that about 2% of errors injected into the firewall code segment cause security vulnerabilities. Two types of error-caused security vulnerabilities are distinguished: temporary, which disappear when the error disappears, and permanent, which persist even after the error is removed, as long as the system is not rebooted. Results from simulating the SAN model indicate that under an error rate of 0.1 error per day during a 1-year period in a networked system protected by 20 firewalls, two machines (on the average) will experience security violations. This indicates that error-caused security vulnerabilities can be a non-negligible source of a security threat to a highly secure system. © 2003 Elsevier B.V. All rights reserved.
منابع مشابه
Evaluating the Security Threat of Firewall Data Corruption Caused by Instruction Transient Errors
This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations of two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: to conduct extensive error injection experiments on the Linux kernel and to quantify the possibility of error-caused security violations using a SAN model. The error injecti...
متن کاملMeasuring Security Investment Benefit for Off the Shelf Software Systems - A Stakeholder Value Driven Approach
This paper presents the Threat Modeling method based on Attacking Path Analysis (T-MAP) which quantifies security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) based systems. Compared to existing approaches, T-MAP is sensitive to an organization’s business value priorities and IT environment. It distills the technical details o...
متن کاملDesign and Implementation of a Network Security Model for Cooperative Network
In this paper a design and implementation of a network security model was presented, using routers and firewall. Also this paper was conducted the network security weakness in router and firewall network devices, type of threats and responses to those threats, and the method to prevent the attacks and hackers to access the network. Also this paper provides a checklist to use in evaluating wheth...
متن کاملA New Method for Intrusion Detection Using Genetic Algorithm and Neural network
Abstract— In order to provide complete security in a computer system and to prevent intrusion, intrusion detection systems (IDS) are required to detect if an attacker crosses the firewall, antivirus, and other security devices. Data and options to deal with it. In this paper, we are trying to provide a model for combining types of attacks on public data using combined methods of genetic algorit...
متن کاملMeasuring Security Investment Benefit for COTS Based Systems - A Stakeholder Value Driven Approach
This paper presents the Threat Modeling method based on Attacking Path Analysis (T-MAP) which quantifies security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) based systems. Compared to existing approaches, T-MAP is sensitive to an organization’s business value priorities and IT environment. It distills the technical details o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Perform. Eval.
دوره 56 شماره
صفحات -
تاریخ انتشار 2004