1 Evaluating the Security Threat of Instruction Corruptions in Firewalls Shuo Chen, Jun Xu, Ravishankar K. Iyer, Keith Whisnant Center of Reliable and.

Slides:

Advertisements

Similar presentations

An Overview of ABFT in cloud computing

Advertisements

PID Control Loops Guy Zebrick.

Fill in missing numbers or operations

Zhongxing Telecom Pakistan (Pvt.) Ltd

Pricing for Utility-driven Resource Management and Allocation in Clusters Chee Shin Yeo and Rajkumar Buyya Grid Computing and Distributed Systems (GRIDS)

The 4 T’s of Test Automation:

Chao Liu, Chen Chen, Jiawei Han, Philip S. Yu

Effective Change Detection Using Sampling Junghoo John Cho Alexandros Ntoulas UCLA.

International Technology Alliance In Network & Information Sciences International Technology Alliance In Network & Information Sciences 1 Interference.

Making the System Operational

DCSP-20 Jianfeng Feng Department of Computer Science Warwick Univ., UK

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Chris Morgan, MATH G160 January 30, 2012 Lecture 9 Chapter 4.1: Combinations 1.

Secure Time Synchronization Service for Sensor Networks S. Ganeriwal, R. Kumar, M. B. Sirvastava Presented by: Kaiqi Xiong 11/28/2005 Computer Science.

Pinwheel Scheduling for Power-Aware Real-Time Systems Gaurav Chitroda Komal Kasat Nalini Kumar.

Microprocessor Architecture Pipelined Architecture

Reducing Energy Consumption of Disk Storage Using Power Aware Cache Management Qingbo Zhu, Francis M. David, Christo F. Deveraj, Zhenmin Li, Yuanyuan Zhou.

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc

3-1 ©2013 Raj Jain Washington University in St. Louis Selection of Techniques and Metrics Raj Jain Washington.

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

© Richard A. Medeiros 2004 x y Function Machine Function Machine next.

Intel Software College Tuning Threading Code with Intel® Thread Profiler for Explicit Threads.

Outline Introduction Assumptions and notations

Complex Test Suites Organization Victor Kuliamin ISP RAS, Moscow.

(This presentation may be used for instructional purposes)

Threads, SMP, and Microkernels

Operating Systems Operating Systems - Winter 2011 Dr. Melanie Rieback Design and Implementation.

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Shortest Violation Traces in Model Checking Based on Petri Net Unfoldings and SAT Victor Khomenko University of Newcastle upon Tyne Supported by IST project.

COMP1214 Systems & Platforms: Operating Systems Concepts Dr. Yvonne Howard – Rikki Prince – 1.

15 May 2006Collaboration Board GridPP3 Planning Executive Summary Steve Lloyd.

Security metrics in SCADA system Master of Computer and Information Science Student: Nguyen Duc Nam Supervisor: Elena Sitnikova.

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 3: Operating Systems Computer Science: An Overview Tenth Edition.

Requirements Analysis Moving to Design b521.ppt © Copyright De Montfort University 2000 All Rights Reserved INFO2005 Requirements Analysis.

Lecture 8: Testing, Verification and Validation

Introduction to Feedback Systems / Önder YÜKSEL Bode plots 1 Frequency response:

Palmer House Hilton – Private Dining Room 9

KAIST Computer Architecture Lab. The Effect of Multi-core on HPC Applications in Virtualized Systems Jaeung Han¹, Jeongseob Ahn¹, Changdae Kim¹, Youngjin.

Federal Aviation Administration 0 The Impact of Synthetic Fuels on FAA Flammability Requirements June 24, The Impact of Low Flashpoint Fuels on.

On Dynamic Load Balancing on Graphics Processors Daniel Cederman and Philippas Tsigas Chalmers University of Technology.

Fakultät für informatik informatik 12 technische universität dortmund Lab 3: Scheduling Solution - Session 10 - Heiko Falk TU Dortmund Informatik 12 Germany.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

1 Undirected Graphical Models Graphical Models – Carlos Guestrin Carnegie Mellon University October 29 th, 2008 Readings: K&F: 4.1, 4.2, 4.3, 4.4,

Compiler Construction

Analyzing Engineering Process Data at Microsoft: What's the Opportunity? 1 Wolfram Schulte, 7/17/2013 Microsoft Corporation Software Experts Summit 2013.

Code Generation.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Experimental Evaluation of a SIFT Environment for Parallel Spaceborne Applications K. Whisnant, Z. Kalbarczyk, R.K. Iyer, P. Jones Center for Reliable.

Markov Reward Models By H. Momeni Supervisor: Dr. Abdollahi Azgomi.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.

Operating Systems.

CSCE 548 Secure Software Development Test 1 Review.

Yongzhi Wang, Jinpeng Wei VIAF: Verification-based Integrity Assurance Framework for MapReduce.

Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:

ATCA at UIUC M. Haney, M. Kasten High Energy Physics Z. Kalbarczyk, T. Pham, T. Nguyen Coordinated Science Laboratory ILLINOIS UNIVERSITY OF ILLINOIS AT.

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Authors: Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookholt Cyber Defense.

OPERATING SYSTEM REVIEW. System Software The programs that control and maintain the operation of the computer and its devices The two parts of system.

Chapter 13 Network Security Auditing Antivirus Firewalls Authentication Authorization Encryption.

Internet Quarantine: Requirements for Containing Self-Propagating Code

Operating System Review

Operating System Review

By Dunlap, King, Cinar, Basrai, Chen

Using An Isolated Network to Teach Advanced Networks and Security

Operating System Review

Operating System Introduction.

Presentation transcript:

1 Evaluating the Security Threat of Instruction Corruptions in Firewalls Shuo Chen, Jun Xu, Ravishankar K. Iyer, Keith Whisnant Center of Reliable and High Performance Computing Coordinated Science Laboratory University of Illinois at Urbana-Champaign June 24, 2002

2 Objectives Can transient errors cause security vulnerabilities in firewall software? Combine fault injection measurement with processor architecture details to develop a SAN model depicting the reliability, performance, and security of the firewall. Use the SAN model and publicly available security data to assess the relative significance of error-caused security violations.

3 Definitions of Terms Error-caused security vulnerability occurs when an error results in putting the software in a state where any packet can enter the system unchecked. Window of vulnerability is the time period during which such a vulnerability persists Security violation occurs when a number of malicious packets sufficient to launch an actual attack enter the system during a window of vulnerability

4 Errors, Vulnerabilities and Security Violations Temporary SV Erroneous instruction is evicted from cache Permanent SV Detected by intrusion detection systems, or system crash by new faults or latent faults Fault is not manifested Window of temporary security vulnerability Window of permanent security vulnerability Fault crashes the system Error Security vulnerability window System reboot Time t1t1 t2t2 t3t3 t4t4 t5t5 t6t6 t7t7 t8t8 Malicious packets

5 Fault Injection Experiment Address Pool Driver-based Linux Kernel Fault Injector Rule: Reject packet from attacker machine. Firewall Code Firewall machine Attacker Machine Firewall Log 5

6 Outcomes of Fault Injection Experiments Four categories of outcomes Not Activated or Not manifested: 78% CRASH + HANG: 20% Temporary security vulnerability: disappears when the erroneous location is overwritten, cached out or the system is re- booted. 2% Permanent security vulnerability: corrupts the semantic or structural integrity of the permanent data structures. Removing the errors does not eliminate the permanent security vulnerability. 0.05% Fault injection results used as parameters in the SAN model.

7 Error Sub- model Input Gates Workload Sub- model Overview of the SAN Model error error occurrence processor execution core cache cache replacement cache fetch maintenance reboot crash/hang P_SV T_SV reboot not manifested error CPU working packet firewall enable packet processing non-firewall workload idle non-firewall workload processing idle time job dispatch job non-firewall workload execution firewall execution non-firewall workload enable rp_out Error sub-model Workload sub-model flush all places task switch SAN Model: quantifies the relationship between processor architecture, workload, and errors characteristics

8 Error Sub-Model error error occurrence rate processor execution core cache cache replacement cache fetch Crash+Hang Perm. Security Vulnerability Temp. Security Vulnerability NA+NM non-firewall workload ex firewall ex Calculate the probability that a token arrives into Temporary Security Vulnerability or Permanent Security Vulnerability places Calculate the number of packets getting through the firewall in a single vulnerability window

9 Workload Sub-Model packet packet processing non-firewall workload idle non-firewall workload processing idle time job dispatch job

10 Rates of Security Vulnerabilities Rate of Temporary Security Vulnerability (TSV) with 0.1 Error/Day for 20 Firewall Machines Rate of Permanent Security Vulnerability (PSV) with 0.1 Error/Day for 20 Firewall Machines Average 14.9/yearAverage 0.37/year

11 Size of Vulnerability Windows Vulnerability window size links security vulnerabilities and security violations In order to calculate the rates of security violations, we need the distribution of the size of the security vulnerability window Assume 30% packets are malicious

12 Distribution of Number of Packets in a Vulnerability Window Probability Distribution: Processor Utilization by firewall = 50% non-firewall workload=10% malicious packet rate=30% Probability of Security Violation, given a security vulnerability P(security violation | security vulnerability)=0.197

13 Frequency of Security Violations Network protected by 20 firewalls Firewall Processor Util.: 50% Non-firewall workload: 10% Error rate: 0.1 error/day Malicious packet percentage Rate of error-cause violations per year 20% % %2.76 Operating System # kernel-related security vulnerabilities Time periodRate of software security bugs per year RedHat Linux1211/ / Solaris / / Windows / / Rate of Kernel-Related Software Security Bugs Rate of Error-Caused Security Violations

14 Conclusions There exist error-caused security vulnerabilities in firewall software. Transient errors can cause permanent security vulnerability. Errors propagate to permanent data structures. There is a non-negligible probability that error- caused security vulnerabilities become security violations.

15 Major References D. Stott. Automated Fault-Injection-Based Dependability Analysis of Distributed Computer Systems. Ph.D. Dissertation, UIUC, A. Ghosh et al. An Automated Approach for Identifying Potential Vulnerabilities in Software. IEEE Symp. on Security and Privacy, May J. Xu, S. Chen, Z. Kalbarczyk, R. Iyer. An Experimental Study of Security Vulnerabilities Caused by Errors. IEEE DSN01. July /30/2001