TY - GEN
T1 - Evaluating the security threat of firewall data corruption caused by instruction transient errors
AU - Chen, Shuo
AU - Xu, Jun
AU - Iyer, Ravishankar K
AU - Whisnant, Keith
PY - 2002/12/1
Y1 - 2002/12/1
N2 - This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations of two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: to conduct extensive error injection experiments on the Linux kernel and to quantify the possibility of error-caused security violations using a SAN model. The error injection experiments show that about 2% of errors injected into the firewall code segment cause security vulnerabilities. Two types of error-caused security vulnerabilities are distinguished: temporary, which disappear when the error disappears, and permanent, which persist even after the error is removed, as long as the system is not rebooted. Results from simulating the SAN model indicate that under an error rate of 0.1 error/day during a 1-year period in a networked system protected by 20 firewalls, 2 machines (on the average) will experience security violations. This indicates that error-caused security vulnerabilities can be a non-negligible source of a security threats to a highly secure system.
AB - This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations of two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: to conduct extensive error injection experiments on the Linux kernel and to quantify the possibility of error-caused security violations using a SAN model. The error injection experiments show that about 2% of errors injected into the firewall code segment cause security vulnerabilities. Two types of error-caused security vulnerabilities are distinguished: temporary, which disappear when the error disappears, and permanent, which persist even after the error is removed, as long as the system is not rebooted. Results from simulating the SAN model indicate that under an error rate of 0.1 error/day during a 1-year period in a networked system protected by 20 firewalls, 2 machines (on the average) will experience security violations. This indicates that error-caused security vulnerabilities can be a non-negligible source of a security threats to a highly secure system.
UR - http://www.scopus.com/inward/record.url?scp=0036931376&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0036931376&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:0036931376
SN - 0769515975
T3 - Proceedings of the 2002 International Conference on Dependable Systems and Networks
SP - 495
EP - 504
BT - Proceedings of the 2002 International Conference on Dependable Systems and Networks
T2 - Proceedings of the 2002 International Conference on Dependable Systems and Networks DNS 2002
Y2 - 23 June 2002 through 26 June 2002
ER -