Security assessment for application network services using fault injection

Hyungwoo Kang, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Vulnerabilities in network protocol software have been problematic since Internet infrastructure was deployed. These vulnerabilities damage the reliability of network software and create security holes in computing environment. Many critical security vulnerabilities exist in application network services of which specification or description has not been published. In this paper, we propose a security assessment methodology based on fault injection techniques to improve reliability of the application network services with no specifications published. We also implement a tool for security testing based on the proposed methodology. Windows RPC network services are chosen as an application network service considering its unknown protocol specification and are validated by the methodology. It turns out that the tool detects unknown vulnerabilities in Windows network module.

Original languageEnglish
Title of host publicationIntelligence and Security Informatics - Pacific Asia Workshop, PAISI 2007, Proceedings
PublisherSpringer Verlag
Pages172-183
Number of pages12
ISBN (Print)9783540715481
DOIs
Publication statusPublished - 2007
Event2007 Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2007 - Chengdu, China
Duration: 2007 Apr 112007 Apr 12

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4430 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2007 Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2007
CountryChina
CityChengdu
Period07/4/1107/4/12

Keywords

  • Buffer overflow
  • Fault injection
  • RPC (remote procedure call)
  • Security assessment
  • Software security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Security assessment for application network services using fault injection'. Together they form a unique fingerprint.

  • Cite this

    Kang, H., & Lee, D. H. (2007). Security assessment for application network services using fault injection. In Intelligence and Security Informatics - Pacific Asia Workshop, PAISI 2007, Proceedings (pp. 172-183). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4430 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-71549-8_15