Abstract
Multiprocessing environments such as Unix are susceptible to race conditions on the file space, since processes share files in the system. A process accessing a file may get unexpected results while executing in a critical section if the binding between the file name and the file object is altered by another process. Such errors, called time-of-check-to-time-of-use (TOCTTOU) binding flaws, are among the most prevalent security flaws. This paper presents a model that detects TOCTTOU binding flaws by checking the integrity of bindings between file names and file objects at run time, and a simplified prototype of the detection model. We discuss the properties of the detection model and its run-time overhead, based on the results of experiments on the prototype.
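The binding-integrity idea in the abstract, as an added illustration (not code from the paper, and not its detection model or prototype): a process records the (device, inode) identity a name is bound to at check time and verifies it on the opened descriptor at use time. The function names, file names and the `os.replace` call standing in for a concurrent process are assumptions constructed for this example.

```python
import os
import stat
import tempfile


class BindingChanged(Exception):
    """The file name no longer refers to the object that was checked."""


def identity(st):
    # (device, inode) identifies the file object independently of its name.
    return (st.st_dev, st.st_ino)


def check(path):
    """Time of check: validate the file and remember the object the name is bound to."""
    st = os.lstat(path)  # lstat: do not follow a symlink at the final component
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    return identity(st)


def use(path, expected):
    """Time of use: open, then confirm the descriptor refers to the checked object."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        # fstat inspects the opened object, so it cannot be rebound underneath us.
        if identity(os.fstat(fd)) != expected:
            raise BindingChanged(path)
        return os.read(fd, 4096)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: the name is rebound between check and use."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "report.txt")
        other = os.path.join(d, "other.txt")
        with open(target, "w") as f:
            f.write("checked contents")
        with open(other, "w") as f:
            f.write("different object")
        expected = check(target)
        unchanged = use(target, expected)   # binding intact: read succeeds
        os.replace(other, target)           # stands in for a concurrent process
        try:
            use(target, expected)
            detected = False
        except BindingChanged:
            detected = True
        return unchanged, detected
```
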
Cite this article
Lhee, Ks., Chapin, S. Detection of file-based race conditions. IJIS 4, 105–119 (2005). https://doi.org/10.1007/s10207-004-0068-2
DOI: https://doi.org/10.1007/s10207-004-0068-2