On the Self-Protection of Firewalls and Distributed Intrusion Detection Systems
2001 (English) Report (Refereed)
Distributed computing is performed by allowing a possibly large number of interconnected
entities to process distributed information. The complexity of these systems
increases the risk of exposing information to unauthorized parties and opens up the possibility
of new threats and new vulnerabilities. Thus, the security of the systems cannot be
provided by the local computer, but is dependent on the security of all the computers and
communication channels involved. In order to counter these new threats, security extensions,
such as firewalls and intrusion detection systems, are often added to the system.
However, to be more effective, the extensions need to reflect the structure of the system
they should protect, i.e. they must cooperate or, wherever appropriate, be distributed themselves.
One aspect which is often neglected in this context is that the introduction of security
extensions may in itself introduce new vulnerabilities. This comes from the fact that
the extensions rely on sensitive information in order to work properly. Another aspect is
that commonly used operating systems do not provide a trustworthy platform for the security extensions, so the security cannot be based on the security of the underlying system.
One way to solve this problem is to let the extension take care of its own protection, i.e. provide self-protection. This thesis addresses the self-protection problem and discusses the avoidance of the risks and dangers associated with the use of security extensions. One specific issue of self-protection is studied in particular, namely that of protecting the detection policy of a distributed intrusion detection system. A protection method using one-way functions is proposed.
Place, publisher, year, edition, pages
Technical Report 398L, Department of Computer Engineering, Chalmers University of Technology, SE-412 96 Göteborg, Sweden, 2001
Research subject Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-22100
OAI: oai:DiVA.org:kau-22100
DiVA: diva2:595776