Exploiting unix file-system races via algorithmic complexity attacks

Exploiting unix file-system races via algorithmic complexity attacks (2009)

Cached

Download Links

[www.cs.sunysb.edu]

by Xiang Cai , Yuwei Gui , Rob Johnson

Citations:

6 - 0 self

BibTeX

@MISC{Cai09exploitingunix,
    author = {Xiang Cai and Yuwei Gui and Rob Johnson},
    title = {Exploiting unix file-system races via algorithmic complexity attacks},
    year = {2009}
}

Bookmark

OpenURL

Abstract

We defeat two proposed Unix file-system race condition defense mechanisms. First, we attack the probabilistic defense mechanism of Tsafrir, et al., published at USENIX FAST 2008[26]. We then show that the same attack breaks the kernel-based dynamic race detector of Tsyrklevich and Yee, published at USENIX Security 2003[28]. We then argue that all kernel-based dynamic race detectors must have a model of the programs they protect or provide imperfect protection. The techniques we develop for performing these attacks work on multiple Unix operating systems, on uni- and multi-processors, and are useful for exploiting most Unix file-system races. We conclude that programmers should use provably-secure methods for avoiding race conditions when accessing the file-system. 1.

Citations

315	Checking System rules using System-specific, Programmer-written Compiler Extensions - Engler, Chelf, et al. - 2000
245	Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code - Engler, Chen, et al. - 2001
178	MOPS: An infrastructure for examining security properties of software - Chen, Wagner - 2002
119	Checking for race conditions in file accesses - Bishop, Dilger - 1996
104	Automated detection of vulnerabilities in privileged programs by execution monitoring - KO, FINK, et al. - 1994
97	Denial of service via algorithmic complexity attacks - Crosby, Wallach
91	Detecting past and present intrusions through vulnerability-specific predicates - Joshi, King, et al. - 2005
49	Finding user/kernel pointer bugs with type inference - Johnson, Wagner - 2004
47	Experience with transactions in QuickSilver - Schmuck, Wylie - 1991
44	Improving computer security using extended static checking - Chess - 2002
30	Secure applications need flexible operating systems - Maziéres, Kaashoek - 1997
21	Model checking an entire linux distribution for security violations - Schwarz, Chen, et al. - 2005
20	Noninterference and intrusion detection - Ko, Redmond - 2002
16	RaceGuard: kernel protection from temporary file race vulnerabilities - Cowan, Beattie, et al. - 2001
16	Dynamic detection and prevention of race conditions in file accesses - Tsyrklevich, Yee - 2003
14	Fixing races for fun and profit: how to use access(2 - Dean, Hu - 2004
12	Extending ACID Semantics to the File System - WRIGHT, SPILLANE, et al.
11	Fixing races for fun and profit: how to abuse atime - Borisov, Johnson, et al. - 2005
10	TOCTTOU vulnerabilities in UNIX-style file systems: an anatomical study - Wei, Pu - 2005
9	Detection of file-based race conditions - Lhee, Chapin - 2005
7	A methodical defense against TOCTTOU attacks: the EDGI approach - Pu, Wei - 2006
7	Preventing race condition attacks on file-systems - Uppuluri, Joshi, et al. - 2005
6	Secretly monopolizing the CPU without superuser privileges - Tsafrir, Etsion, et al. - 2007
5	Monitoring the security health of software systems - Aggarwal, Jalote - 2006
5	Portably preventing file race attacks with user-mode path resolution - TSAFRIR, HERTZ, et al.
5	Portably Solving File TOCTTOU Races with Hardness Amplification - Tsafrir, Hertz, et al. - 2008
4	Race conditions, files, and security flaws; or the tortoise and the hare Redux - BISHOP - 1995
3	The murky issue of changing process identity: Revising “setuid demystified - TSAFRIR, SILVA, et al.
1	The linux process scheduler. http: //www.informit.com/articles/article.aspx?p=101760 - Love - 2003
1	Design principles for security-conscious systems - Wagner