Abstract

This paper presents an experimental study which shows that, for the Intel x86 architecture, single-bit control flow errors in the authentication sections of targeted applications can result in significant security vulnerabilities. The experiment targets two well-known Internet server applications: FTP and SSH (secure shell), injecting single-bit control flow errors into user authentication sections of the applications. The injected sections constitute approximately 2-8% of the text segment of the target applications. The results show that out of all activated errors (a) 1-2% compromised system security (create a permanent window of vulnerability), (b) 43-62% resulted in crash failures (about 8.5% of these errors create a transient window of vulnerability), and (c) 7-12% resulted in fail silence violations. A key reason for the measured security vulnerabilities is that, in the x86 architecture, conditional branch instructions are a minimum of one Hamming distance apart. The design and evaluation of a new encoding scheme that reduces or eliminates this problem is presented.

Original languageEnglish (US)
Title of host publicationProceedings of the International Conference on Dependable Systems and Networks
EditorsD.C. Young, D.C. Young
Pages421-430
Number of pages10
DOIs
StatePublished - Dec 1 2001
EventProceedings of the International Conference on Dependable Systems and Networks - Goteborg, Sweden
Duration: Jul 1 2001Jul 4 2001

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks

Other

OtherProceedings of the International Conference on Dependable Systems and Networks
CountrySweden
CityGoteborg
Period7/1/017/4/01

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'An experimental study of security vulnerabilities caused by errors'. Together they form a unique fingerprint.

  • Cite this

    Xu, J., Chen, S., Kalbarczyk, Z. T., & Iyer, R. K. (2001). An experimental study of security vulnerabilities caused by errors. In D. C. Young, & D. C. Young (Eds.), Proceedings of the International Conference on Dependable Systems and Networks (pp. 421-430). (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2001.941426