The Utility of Inconsistency in Information Security and Digital Forensics

Inconsistency in knowledge, information and data is ubiquitous. Inconsistency can be used as a very effective tool in accomplishing the objectives of information security and digital forensics. In this paper, our focus is on the utilities of inconsistency in the following areas: access control lists in firewalls, intrusion detection systems, operating system access control mechanisms, deception-based defense, and digital image forensics. We describe an algorithm for detecting several types of firewall rule inconsistency. Compared with related work, our approach has several salient features. We also define a special type of inconsistency called setuid inconsistency and highlight various other types of inconsistencies in the aforementioned areas. The take-home message is that inconsistency is a very important phenomenon and its utilities should never be underestimated in information security and digital forensics.
