Evaluating the security threat of firewall data corruption caused by instruction transient errors

Shuo Chen, Jun Xu, Ravishankar K Iyer, Keith Whisnant

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations of two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: to conduct extensive error injection experiments on the Linux kernel and to quantify the possibility of error-caused security violations using a SAN model. The error injection experiments show that about 2% of errors injected into the firewall code segment cause security vulnerabilities. Two types of error-caused security vulnerabilities are distinguished: temporary, which disappear when the error disappears, and permanent, which persist even after the error is removed, as long as the system is not rebooted. Results from simulating the SAN model indicate that under an error rate of 0.1 error/day during a 1-year period in a networked system protected by 20 firewalls, 2 machines (on the average) will experience security violations. This indicates that error-caused security vulnerabilities can be a non-negligible source of a security threats to a highly secure system.

Original languageEnglish (US)
Title of host publicationProceedings of the 2002 International Conference on Dependable Systems and Networks
Pages495-504
Number of pages10
StatePublished - Dec 1 2002
EventProceedings of the 2002 International Conference on Dependable Systems and Networks DNS 2002 - Washington, DC, United States
Duration: Jun 23 2002Jun 26 2002

Publication series

NameProceedings of the 2002 International Conference on Dependable Systems and Networks

Other

OtherProceedings of the 2002 International Conference on Dependable Systems and Networks DNS 2002
CountryUnited States
CityWashington, DC
Period6/23/026/26/02

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Evaluating the security threat of firewall data corruption caused by instruction transient errors'. Together they form a unique fingerprint.

Cite this