Preventing race condition attacks on file-systems

Uppuluri, Prem; Joshi, Uday; Ray, Arnab

doi:10.1145/1066677.1066758

Cited by 25 publications

(32 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tan and Weinsberg attempt to improve string-matching algorithms for intrusion detection and prevention on large-scale high-speed network traffic; Drinic (Drinic & Kirovski, 2004) and Weaver (Weaver et al, 2007) present the hardware implementation of IPS based on field programmable gate arrays; Green uses a generic and reliable model to anticipate future attack scenarios; Uppuluri provides a practical approach to detect and prevent race condition attacks (Uppuluri et al, 2005). What's more, there are many commercial IPS products available such as TippingPoint IPS, ISS IPS, Cisco IPS and NetKeeper IPS, and these representative products are online, network-based solution, designed to accurately identify, classify, and stop malicious traffic, including worms, spyware/adware, network viruses, and application abuse.…”

Section: Related Workmentioning

confidence: 99%

Intrusion Detection and Prevention in High Speed Network

Zhao¹,

Hu²

2012

Security Enhanced Applications for Information Systems

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Intrusion Detection and Prevention in High Speed Network

Zhao¹,

Hu²

2012

Security Enhanced Applications for Information Systems

View full text Add to dashboard Cite

“…Researchers have proposed several kernel-base dynamic race detection schemes [28], [17], [8], [29], [15], [20], but all the proposals are based on a similar idea. Each proposal modifies the kernel to maintain a table, T , of the form (pid, dirID, f name, status), which indicates that the last system call made by process pid that referenced entry f name inside the directory identified by dirID yielded a file with the given status.…”

Section: Kernel-based Dynamic Race Detectorsmentioning

confidence: 99%

“…Dynamic race condition detectors come in two basic varieties: preventers [8], [28], [29] and detectors [1], [14], [16], [17], [32]. As argued in Section 3, run-time prevention of race-condition attacks must always face a state management problem.…”

Section: Related Workmentioning

confidence: 99%

“…Time-Of-Check-To-Time-Of-Use (TOCTTOU) filesystem race-conditions have been a recurring problem in Unix operating systems since the 80s, and researchers have proposed numerous solutions, including static detectors [3], [30], [5], [7], dynamic detectors [28], [17], [8], [29], [15], [20], extensions to the Unix file-system interface [10], [33], and probabilistic user-space defenses [10], [26]. This paper presents attacks on two proposed filesystem race-condition defense mechanisms.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Exploiting Unix File-System Races via Algorithmic Complexity Attacks

Cai

Gui

Johnson

2009

2009 30th IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

We defeat two proposed Unix file-system race condition defense mechanisms. First, we attack the probabilistic defense mechanism of Tsafrir, et al., published at USENIX FAST 2008[26]. We then show that the same attack breaks the kernel-based dynamic race detector of Tsyrklevich and Yee, published at USENIX Security 2003 [28]. We then argue that all kernel-based dynamic race detectors must have a model of the programs they protect or provide imperfect protection. The techniques we develop for performing these attacks work on multiple Unix operating systems, on uni-and multi-processors, and are useful for exploiting most Unix file-system races. We conclude that programmers should use provably-secure methods for avoiding race conditions when accessing the file-system.

show abstract

“…For more information on race conditions, on methods for scanning code for such vulnerabilities, and on possible countermeasures, see e.g. [4,14,3,16]. Finally, note that in Java it is the programmer's task to deal with race conditions by suitable synchronization of concurrent accesses.…”

Section: Atomic Transactionsmentioning

confidence: 99%

Software Security – The Dangers of Abstraction

Gollmann

2009

The Future of Identity in the Information Society

View full text Add to dashboard Cite

Abstract. Software insecurity can be explained as a potpourri of hacking methods, ranging from the familiar, e.g. buffer overruns, to the exotic, e.g. code insertion with Chinese characters. From such an angle software security would just be a collection of specific countermeasures. We will observe a common principle that can guide a structured presentation of software security and give guidance for future research directions: There exists a discrepancy between the abstract programming concepts used by software developers and their concrete implementation on the given execution platform. In support of this thesis, five case studies will be discussed, viz characters, integers, variables, atomic transactions, and double linked lists.

show abstract

Preventing race condition attacks on file-systems

Cited by 25 publications

References 12 publications

Intrusion Detection and Prevention in High Speed Network

Intrusion Detection and Prevention in High Speed Network

Exploiting Unix File-System Races via Algorithmic Complexity Attacks

Software Security – The Dangers of Abstraction

Contact Info

Product

Resources

About