Security assessment for application network services using fault injection

Hyungwoo Kang, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Vulnerabilities in network protocol software have been problematic since the Internet infrastructure was deployed. These vulnerabilities damage the reliability of network software and create security holes in the computing environment. Many critical security vulnerabilities exist in application network services whose specification or description has not been published. In this paper, we propose a security assessment methodology based on fault injection techniques to improve the reliability of application network services with no published specifications. We also implement a tool for security testing based on the proposed methodology. Windows RPC network services are chosen as the application network service because their protocol specification is unknown, and are validated by the methodology. It turns out that the tool detects unknown vulnerabilities in the Windows network module.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 172-183
Number of pages: 12
Volume: 4430 LNCS
Publication status: Published - 2007 Dec 1
Event: 2007 Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2007 - Chengdu, China
Duration: 2007 Apr 11 → 2007 Apr 12

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4430 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 2007 Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2007
Country: China
City: Chengdu
Period: 07/4/11 → 07/4/12

Fingerprint

Fault Injection
Software
Specifications
Vulnerability
Injections
Internet
Network protocols
Specification
Methodology
Unknown
Network Protocols
Testing
Damage
Infrastructure
Module
Computing

Keywords

  • Buffer overflow
  • Fault injection
  • RPC (remote procedure call)
  • Security assessment
  • Software security

ASJC Scopus subject areas

  • Computer Science (all)
  • Biochemistry, Genetics and Molecular Biology (all)
  • Theoretical Computer Science

Cite this

Kang, H., & Lee, D. H. (2007). Security assessment for application network services using fault injection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4430 LNCS, pp. 172-183). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4430 LNCS).

@inproceedings{768ea65b9e7b4150abc973078aa812e8,
title = "Security assessment for application network services using fault injection",
abstract = "Vulnerabilities in network protocol software have been problematic since Internet infrastructure was deployed. These vulnerabilities damage the reliability of network software and create security holes in computing environment. Many critical security vulnerabilities exist in application network services of which specification or description has not been published. In this paper, we propose a security assessment methodology based on fault injection techniques to improve reliability of the application network services with no specifications published. We also implement a tool for security testing based on the proposed methodology. Windows RPC network services are chosen as an application network service considering its unknown protocol specification and are validated by the methodology. It turns out that the tool detects unknown vulnerabilities in Windows network module.",
keywords = "Buffer overflow, Fault injection, RPC (remote procedure call), Security assessment, Software security",
author = "Hyungwoo Kang and Lee, {Dong Hoon}",
year = "2007",
month = "12",
day = "1",
language = "English",
isbn = "9783540715481",
volume = "4430 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "172--183",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}
