
The Utility of Inconsistency in Information Security and Digital Forensics

Recent Trends in Information Reuse and Integration

Abstract

Inconsistency in knowledge, information and data is ubiquitous. Inconsistency can be used as a very effective tool for accomplishing the objectives of information security and digital forensics. In this paper, our focus is on the utilities of inconsistency in the following areas: access control lists in firewalls, intrusion detection systems, operating system access control mechanisms, deception-based defense, and digital image forensics. We describe an algorithm for detecting several types of firewall rule inconsistency. Compared with related work, our approach has several salient features. We also define a special type of inconsistency called setuid inconsistency and highlight various other types of inconsistencies in the aforementioned areas. The take-home message is that inconsistency is a very important phenomenon and its utilities should never be underestimated in information security and digital forensics.


Notes

  1. According to [7], exceptions to general filtering decisions may not be errors. This type of inconsistency thus serves as a warning and needs to be highlighted to firewall administrators.

  2. The set of actions different firewall devices have may differ. Typical action sets include: {permit, deny}, {accept, deny}, or {discard, protect, bypass}. Different predicates can be utilized accordingly.

References

  1. Bishop, M.: How to Write A Setuid Program. USENIX Login. 12(1), 5–11 (1987)

  2. Capretta, V., Stepien, B., Felty, A.: Formal Correctness of Conflict Detection for Firewalls. In: Proceedings of the Fifth ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code pp. 22–30 (2007)

  3. Chen, H., Wagner, D., Dean, D.: Setuid Demystified. In: Proceedings of Eleventh USENIX Security Symposium August 2002 pp. 171–190 (2002)

  4. Farid, H.: Seeing Is Not Believing. IEEE Spectrum. 46(8), 44–51 (2009)

  5. Fayad, A., Jajodia, S., McCollum, C.D.: Application-Level Isolation Using Data Inconsistency Detection. In: Proceedings 15th Annual Computer Security Applications Conference (ACSAC) pp. 119–126 (1999)

  6. Gouda, M.G., Liu, A.X.: Structured Firewall Design. Comput. Networks. 51(4), 1106–1120 (2007)

  7. Hamed, H., Al-Shaer, E.: Taxonomy of Conflicts in Network Security Policies. IEEE Comm. Mag. 44(3), 134–141 (2006)

  8. Johnson, M.K., Farid, H.: Exposing Digital Forgeries by Detecting Inconsistencies in Lighting. In: Proceedings of ACM Multimedia and Security Workshop pp. 1–10 (2005)

  9. Kim, G.H., Spafford, E.H.: The Design and Implementation of Tripwire: A File System Integrity Check. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security November 2–4, 1994, pp. 18–29 (2010)

  10. Kurose, J., Ross, K.: Computer Networking, Addison Wesley (2010)

  11. Mahdian, B., Saic, S.: Using Noise Inconsistencies for Blind Image Forensics. Image and Vision Computing Vol. 27, pp. 1497–1503 (2009)

  12. McKusick, M.K., Bostic, K., Karels, M.J.: The Design and Implementation of the 4.4 BSD Operating System Addison Wesley (1996)

  13. Neagoe, V., Bishop, M.: Inconsistency in Deception for Defense. In: Proceedings of the 2006 Workshop on New Security Paradigms Schloss Dagstuhl, Germany, Sept. 19–22 pp. 31–38 (2006)

  14. Patil, S., et al: I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System, In: Proceedings of Large Installation System Administration Conference pp. 67–78 (2004)

  15. Pozo, S., Ceballos, R., Gasca, R.M.: A Heuristic Process for Local Inconsistency Diagnosis in Firewall Rule Sets. J. Networks. 4(8), 698–710 (2009)

  16. Ritchie, D.M.: Protection of Data File Contents, United States Patent#4,135,240, January 16, 1979 http://www.google.com/patent?vid=USPAT4135240 (2010)

  17. Salamat, B., Jackson, T., Gal, A.: Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space Proceedings of the 4th ACM European conference on Computer systems, pp. 33–46 (2009)

  18. Setuid: Checklist for Security of Setuid Programs. http://www.homeport.org/~adam/setuid.7.html (2010)

  19. Snyder, D.: On-line Intrusion Detection Using Sequences of System Calls, MS thesis, Department of Computer Science, Florida State University (2001)

  20. Stakhanova, N., Li, Y., Ghorbani, A.A.: Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices. In: Proceedings of the World Congress on Privacy, Security, Trust and the Management of e-Business pp. 29–37 (2009)

  21. Tsafrir, D., Da Silva, D., Wagner, D.: The Murky Issue of Changing Process Identity: Revising ‘Setuid Demystified’, USENIX Login 33:3 pp. 55–66 (2008)

  22. Vulnerability Note: Vulnerability Note VU#40327, OpenSSH UseLogin option allows remote execution of commands as root. http://www.kb.cert.org/vuls/id/40327 (2010)

  23. Ye, S., Sun, Q., Chang, E.C.: Detecting Digital Image Forgeries by Measuring Inconsistencies of Blocking Artifacts, Proceedings of the IEEE International Conference on Multimedia and Expo pp. 12–15 (2007)

  24. Yuan, L., et al.: FIREMAN: A Toolkit for Firewall Modeling and Analysis. In: Proceedings of the IEEE Symposium on Security and Privacy (2006)

  25. Zhang, D.: Quantifying Knowledge Base Inconsistency via Fixpoint Semantics. Springer Transactions on Computational Science II LNCS 5150 pp. 145–160 (2008)

  26. Zhang, D.: Taming Inconsistency in Value-Based Software Development. In: Proceedings of 21st International Conference on Software Engineering and Knowledge Engineering Boston Mass. pp. 450–455 (2009a)

  27. Zhang, D.: Inconsistency: The Good, The Bad, and The Ugly. In: Proceedings of the 10th IEEE International Conference on Information Reuse and Integration pp. 182–187 (2009b)

  28. Zhang, D.: Inconsistencies in Information Security and Digital Forensics. In: Proceedings of the 11th IEEE International Conference on Information Reuse and Integration pp. 141–146 (2010)

Acknowledgements

We would like to express our appreciation to anonymous reviewers whose comments help improve both the technical contents and the presentation of this paper.

Author information

Correspondence to Du Zhang.

Copyright information

© 2012 Springer Vienna

About this chapter

Cite this chapter

Zhang, D. (2012). The Utility of Inconsistency in Information Security and Digital Forensics. In: Özyer, T., Kianmehr, K., Tan, M. (eds) Recent Trends in Information Reuse and Integration. Springer, Vienna. https://doi.org/10.1007/978-3-7091-0738-6_19

  • DOI: https://doi.org/10.1007/978-3-7091-0738-6_19

  • Publisher Name: Springer, Vienna

  • Print ISBN: 978-3-7091-0737-9

  • Online ISBN: 978-3-7091-0738-6

  • eBook Packages: Computer Science (R0)
