TY - GEN
T1 - An experimental study of security vulnerabilities caused by errors
AU - Xu, Jun
AU - Chen, Shuo
AU - Kalbarczyk, Zbigniew T
AU - Iyer, Ravishankar K
N1 - Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2001
Y1 - 2001
N2 - This paper presents an experimental study which shows that, for the Intel x86 architecture, single-bit control flow errors in the authentication sections of targeted applications can result in significant security vulnerabilities. The experiment targets two well-known Internet server applications: FTP and SSH (secure shell), injecting single-bit control flow errors into user authentication sections of the applications. The injected sections constitute approximately 2-8% of the text segment of the target applications. The results show that out of all activated errors (a) 1-2% compromised system security (create a permanent window of vulnerability), (b) 43-62% resulted in crash failures (about 8.5% of these errors create a transient window of vulnerability), and (c) 7-12% resulted in fail silence violations. A key reason for the measured security vulnerabilities is that, in the x86 architecture, conditional branch instructions are a minimum of one Hamming distance apart. The design and evaluation of a new encoding scheme that reduces or eliminates this problem is presented.
UR - http://www.scopus.com/inward/record.url?scp=0035789487&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0035789487&partnerID=8YFLogxK
U2 - 10.1109/DSN.2001.941426
DO - 10.1109/DSN.2001.941426
M3 - Conference contribution
AN - SCOPUS:0035789487
SN - 0769511015
SN - 9780769511016
T3 - Proceedings of the International Conference on Dependable Systems and Networks
SP - 421
EP - 430
BT - Proceedings of the International Conference on Dependable Systems and Networks
A2 - Young, D.C.
T2 - Proceedings of the International Conference on Dependable Systems and Networks
Y2 - 1 July 2001 through 4 July 2001
ER -