Fixing races for fun and profit: how to abuse atime (2005)

by Nikita Borisov, Rob Johnson, Naveen Sastry, David Wagner
Venue: In 14th USENIX Security Symp
Citations: 11 - 4 self

BibTeX

@INPROCEEDINGS{Borisov05fixingraces,
    author = {Nikita Borisov and Rob Johnson and Naveen Sastry and David Wagner},
    title = {Fixing races for fun and profit: how to abuse atime},
    booktitle = {In 14th USENIX Security Symp},
    year = {2005},
    pages = {303--314}
}


Abstract

Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.

Citations

119 Checking for race conditions in file accesses - Bishop, Dilger - 1996
63 Model checking one million lines of C code - Chen, Dean, et al. - 2004
47 Experience with transactions in QuickSilver - Schmuck, Wylie - 1991
42 Setuid demystified - Chen, Wagner, et al.
36 The Confused Deputy (or why capabilities might have been invented) - Hardy - 1988
30 Secure applications need flexible operating systems - Mazières, Kaashoek - 1997
21 Model checking an entire Linux distribution for security violations - Schwarz, Chen, et al. - 2005
21 Checking for race conditions in file accesses. Computing Systems Spring - Bishop, Dilger - 1996
20 Noninterference and intrusion detection - Ko, Redmond - 2002
16 Dynamic detection and prevention of race conditions in file accesses - Tsyrklevich, Yee - 2003
14 Fixing races for fun and profit: how to use access(2) - Dean, Hu - 2004
8 Operating system integrity in OS/VS2 - McPhee - 1974
2 Secure applications need flexible operating systems - Mazières, Kaashoek - 1997
2 Operating system integrity in OS/VS2. IBM Systems Journal - McPhee - 1974
1 Unix Network Programming, chapter 14.7: Passing Descriptors - Stevens - 1997