Modeling and evaluating the security threats of transient errors in firewall software

Shuo Chen, Jun Xu, Zbigniew Kalbarczyk, Ravishankar K. Iyer, Keith Whisnant

Research output: Contribution to journalArticlepeer-review


This paper experimentally evaluates and models the error-caused security vulnerabilities and the resulting security violations on two Linux kernel firewalls: IPChains and Netfilter. There are two major aspects to this work: to conduct extensive error injection experiments on the Linux kernel and to quantify the possibility of error-caused security violations using a Stochastic Activity Network (SAN) model. The error injection experiments show that about 2% of errors injected into the firewall code segment cause security vulnerabilities. Two types of error-caused security vulnerabilities are distinguished: temporary, which disappear when the error disappears, and permanent, which persist even after the error is removed, as long as the system is not rebooted. Results from simulating the SAN model indicate that under an error rate of 0.1 error per day during a 1-year period in a networked system protected by 20 firewalls, two machines (on the average) will experience security violations. This indicates that error-caused security vulnerabilities can be a non-negligible source of a security threat to a highly secure system.

Original languageEnglish (US)
Pages (from-to)53-72
Number of pages20
JournalPerformance Evaluation
Issue number1-4
StatePublished - Mar 2004


  • Firewall software
  • SAN model
  • Security
  • Transient errors

ASJC Scopus subject areas

  • Software
  • Modeling and Simulation
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Modeling and evaluating the security threats of transient errors in firewall software'. Together they form a unique fingerprint.

Cite this