Detection of file-based race conditions

被引:0
|
作者
Lhee K.-S. [1 ]
Chapin S.J. [1 ]
机构
[1] Systems Assurance Institute, Syracuse University, Syracuse
关键词
Race condition; Security; Time-of-check-to-time-of-use (TOCTTOU) flaws;
D O I
10.1007/s10207-004-0068-2
中图分类号
学科分类号
摘要
Multiprocessing environments such as Unix are susceptible to race conditions on the file space, since processes share files in the system. A process accessing a file may get unexpected results while executing in a critical section if the binding between the file name and the file object is altered by another process. Such errors, called time-of-check-to-time-of-use (TOCTTOU) binding flaws, are among the most prevalent security flaws. This paper presents a model that detects TOCTTOU binding flaws by checking the integrity of bindings between file names and file objects at run time and a simplified prototype of the detection model. We discuss the properties of the detection model and its run-time overhead, based on the results of experiments on the prototype. © Springer-Verlag 2005.
引用
收藏
页码:105 / 119
页数:14
相关论文
共 50 条
  • [41] TEAM: Virtual Synchronized File-based Transparent and Privacy-Enhanced Storage System
    Jeong, Hye-Lim
    Park, Ki-Woong
    [J]. INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2016, 10 (09): : 285 - 294
  • [42] Extracting data in file-based forensic psychiatric research:: Some methodological considerations
    Långström, N
    Grann, M
    Tengström, A
    Lindholm, N
    Woodhouse, A
    Kullgren, G
    [J]. NORDIC JOURNAL OF PSYCHIATRY, 1999, 53 (01) : 61 - 67
  • [43] pyJSON Schema Loader and JSON Editor: A tool for file-based metadata management
    Plathe, Nick
    Becker, Markus M.
    Franke, Steffen
    [J]. SoftwareX, 2024, 28
  • [44] Analyzing Android's File-Based Encryption Information Leakage through Unencrypted Metadata
    Gross, Tobias
    Ahmadova, Matanat
    Mueller, Tilo
    [J]. 14TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2019), 2019,
  • [45] Hint File-Based Implementation of Contents Navigation Methods for Set-Top Box
    Jeong, Jin-Hwan
    Lee, Yong-Ju
    Kim, Hag-Young
    Park, Yu-Hyeon
    [J]. IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, 2009, 55 (02) : 896 - 901
  • [46] A Distributed File-Based Storage System for Improving High Availability of Space Weather Data
    Andrian, Yoga
    Kim, Hyeonwoo
    Ju, Hongtaek
    [J]. APPLIED SCIENCES-BASEL, 2019, 9 (23):
  • [47] Comparing and Combining File-Based Selection and Similarity-Based Prioritization Towards Regression Test Orchestration
    Greca, Renan
    Miranda, Breno
    Gligoric, Milos
    Bertolino, Antonia
    [J]. 3RD ACM/IEEE INTERNATIONAL CONFERENCE ON AUTOMATION OF SOFTWARE TEST (AST 2022), 2022, : 115 - 125
  • [48] Hint File-Based Implementation of Contents Navigation Methods for Set-Top Box
    Jeong, Jin-Hwan
    Lee, Yong-Ju
    Kim, Hag-Young
    [J]. 2009 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS, 2009, : 441 - 442
  • [49] Automated modular file-based distributed configuration management for Unix servers of heterogeneous applications
    Aminoff, A
    [J]. PROCEEDINGS OF THE IEEE THIRD INTERNATIONAL WORKSHOP ON SYSTEMS MANAGEMENT, 1998, : 22 - 23
  • [50] Quantification of residual dose estimation error on log file-based patient dose calculation
    Katsuta, Yoshiyuki
    Kadoya, Noriyuki
    Fujita, Yukio
    Shimizu, Eiji
    Matsunaga, Kenichi
    Matsushita, Haruo
    Majima, Kazuhiro
    Jingu, Keiichi
    [J]. PHYSICA MEDICA-EUROPEAN JOURNAL OF MEDICAL PHYSICS, 2016, 32 (05): : 701 - 705