Abstract
Inconsistency in knowledge, information and data is ubiquitous. Inconsistency can be used as a very effective tool in accomplishing the objectives of information security and digital forensics. In this paper, our focus is on the utilities of inconsistency in the following areas: access control lists in firewalls, intrusion detection systems, operating system access control mechanisms, deception-based defense, and digital image forensics. We describe an algorithm for detecting several types of firewall rule inconsistency. Compared with related work, our approach has several salient features. We also define a special type of inconsistency called setuid inconsistency and highlight various other types of inconsistencies in the aforementioned areas. The take-home message is that inconsistency is a very important phenomenon and its utilities should never be underestimated in information security and digital forensics.
Notes
1. According to [7], exceptions to general filtering decisions may not be errors. This type of inconsistency thus serves as a warning and needs to be highlighted to firewall administrators.
2. The set of actions different firewall devices have may differ. Typical action sets include: {permit, deny}, {accept, deny}, or {discard, protect, bypass}. Different predicates can be utilized accordingly.
References
Bishop, M.: How to Write A Setuid Program. USENIX Login. 12(1), 5–11 (1987)
Capretta, V., Stepien, B., Felty, A.: Formal Correctness of Conflict Detection for Firewalls. In: Proceedings of the Fifth ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code pp. 22–30 (2007)
Chen, H., Wagner, D., Dean, D.: Setuid Demystified. In: Proceedings of Eleventh USENIX Security Symposium August 2002 pp. 171–190 (2002)
Farid, H.: Seeing Is Not Believing. IEEE Spectrum. 46(8), 44–51 (2009)
Fayad, A., Jajodia, S., McCollum, C.D.: Application-Level Isolation Using Data Inconsistency Detection. In: Proceedings 15th Annual Computer Security Applications Conference (ACSAC) pp. 119–126 (1999)
Gouda, M.G., Liu, A.X.: Structured Firewall Design. Comput. Networks. 51(4), 1106–1120 (2007)
Hamed, H., Al-Shaer, E.: Taxonomy of Conflicts in Network Security Policies. IEEE Comm. Mag. 44(3), 134–141 (2006)
Johnson, M.K., Farid, H.: Exposing Digital Forgeries by Detecting Inconsistencies in Lighting. In: Proceedings of ACM Multimedia and Security Workshop pp. 1–10 (2005)
Kim, G.H., Spafford, E.H.: The Design and Implementation of Tripwire: A File System Integrity Check. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security November 2–4, 1994, pp. 18–29 (2010)
Kurose, J., Ross, K.: Computer Networking, Addison Wesley (2010)
Mahdian, B., Saic, S.: Using Noise Inconsistencies for Blind Image Forensics. Image and Vision Computing Vol. 27, pp. 1497–1503 (2009)
McKusick, M.K., Bostic, K., Karels, M.J.: The Design and Implementation of the 4.4 BSD Operating System Addison Wesley (1996)
Neagoe, V., Bishop, M.: Inconsistency in Deception for Defense. In: Proceedings of the 2006 Workshop on New Security Paradigms Schloss Dagstuhl, Germany, Sept. 19–22 pp. 31–38 (2006)
Patil, S., et al.: I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System. In: Proceedings of Large Installation System Administration Conference pp. 67–78 (2004)
Pozo, S., Ceballos, R., Gasca, R.M.: A Heuristic Process for Local Inconsistency Diagnosis in Firewall Rule Sets. J. Networks. 4(8), 698–710 (2009)
Ritchie, D.M.: Protection of Data File Contents, United States Patent #4,135,240, January 16, 1979. http://www.google.com/patent?vid=USPAT4135240 (2010)
Salamat, B., Jackson, T., Gal, A.: Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space. In: Proceedings of the 4th ACM European conference on Computer systems, pp. 33–46 (2009)
Setuid: Checklist for Security of Setuid Programs. http://www.homeport.org/~adam/setuid.7.html (2010)
Snyder, D.: On-line Intrusion Detection Using Sequences of System Calls, MS thesis, Department of Computer Science, Florida State University (2001)
Stakhanova, N., Li, Y., Ghorbani, A.A.: Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices. In: Proceedings of the World Congress on Privacy, Security, Trust and the Management of e-Business pp. 29–37 (2009)
Tsafrir, D., Da Silva, D., Wagner, D.: The Murky Issue of Changing Process Identity: Revising ‘Setuid Demystified’, USENIX Login 33:3 pp. 55–66 (2008)
Vulnerability Note: Vulnerability Note VU#40327, OpenSSH UseLogin option allows remote execution of commands as root. http://www.kb.cert.org/vuls/id/40327 (2010)
Ye, S., Sun, Q., Chang, E.C.: Detecting Digital Image Forgeries by Measuring Inconsistencies of Blocking Artifacts, Proceedings of the IEEE International Conference on Multimedia and Expo pp. 12–15 (2007)
Yuan, L., et al.: FIREMAN: A Toolkit for Firewall Modeling and Analysis. In: Proceedings of the IEEE Symposium on Security and Privacy (2006)
Zhang, D.: Quantifying Knowledge Base Inconsistency via Fixpoint Semantics. Springer Transactions on Computational Science II LNCS 5150 pp. 145–160 (2008)
Zhang, D.: Taming Inconsistency in Value-Based Software Development. In: Proceedings of 21st International Conference on Software Engineering and Knowledge Engineering Boston Mass. pp. 450–455 (2009a)
Zhang, D.: Inconsistency: The Good, The Bad, and The Ugly. In: Proceedings of the 10th IEEE International Conference on Information Reuse and Integration pp. 182–187 (2009b)
Zhang, D.: Inconsistencies in Information Security and Digital Forensics. In: Proceedings of the 11th IEEE International Conference on Information Reuse and Integration pp. 141–146 (2010)
Acknowledgements
We would like to express our appreciation to the anonymous reviewers whose comments helped improve both the technical contents and the presentation of this paper.
Copyright information
© 2012 Springer Vienna
About this chapter
Cite this chapter
Zhang, D. (2012). The Utility of Inconsistency in Information Security and Digital Forensics. In: Özyer, T., Kianmehr, K., Tan, M. (eds) Recent Trends in Information Reuse and Integration. Springer, Vienna. https://doi.org/10.1007/978-3-7091-0738-6_19
DOI: https://doi.org/10.1007/978-3-7091-0738-6_19
Published:
Publisher Name: Springer, Vienna
Print ISBN: 978-3-7091-0737-9
Online ISBN: 978-3-7091-0738-6
eBook Packages: Computer Science, Computer Science (R0)