Avoiding Serialization Vulnerabilities through the Use of Synchronization Contracts

Authors

  • Reimer Behrends
  • R. E. K. Stirewalt
  • Laura K. Dillon
Abstract

Synchronization contracts facilitate the development and analysis of multi-threaded programs and can be used to guard against serialization vulnerabilities, which pose serious security risks and which are very difficult to detect. In practice, however, real applications cannot be written entirely with a language that supports synchronization contracts, but must incorporate system libraries and third-party code. This paper describes a technique for removing serialization vulnerabilities from existing code in source or (with linker support) binary form, thereby permitting the code to be safely integrated into an application that is written using synchronization contracts. We have applied the technique in writing a multi-threaded web server using synchronization contracts.


Similar resources

Area and Performance Optimization of Barrier Synchronization on Multi-core Network-on-Chips

Barrier synchronization is commonly and widely used to synchronize the execution of parallel processor cores on multi-core Network-on-Chips (NoCs). Since its global nature may cause heavy serialization resulting in large performance penalty, barrier synchronization should be carefully designed to have low latency communication and to minimize overall completion time. Therefore, in the paper, we...


Low Cost Support for Fine-Grain Synchronization in. . .

As multiprocessors scale beyond the limits of a few tens of processors, they must look beyond traditional methods of synchronization to minimize serialization and achieve the high degrees of parallelism required to utilize large machines. By allowing synchronization at the level of the smallest unit of memory, fine-grain synchronization achieves these goals. Unfortunately, supporting efficient fine-g...


Evil Pickles: DoS Attacks Based on Object-Graph Engineering (Artifact)

This artefact demonstrates the effects of the serialisation vulnerabilities described in the companion paper. It is composed of three components: scripts, including source code, for Java, Ruby and C# serialisation-vulnerabilities, two case studies that demonstrate attacks based on the vulnerabilities, and a contracts-based mitigation strategy for serialisation-based attacks on Java applications...


Low-Cost Support for Fine-Grain Synchronization in Multiprocessors

As multiprocessors scale beyond the limits of a few tens of processors, they must look beyond traditional methods of synchronization to minimize serialization and achieve the high degrees of parallelism required to utilize large machines. By allowing synchronization at the level of the smallest unit of memory, fine-grain synchronization achieves these goals. Unfortunately, supporting efficient fine-g...


Unexpected Banking Loan Losses in an Estimated DSGE Model

In spite of realizing more loss than expected and reserved provision in loaning process, some of our banks avoid recognizing the losses, through extension of the loan contracts and consequently do not shift the realized losses to their capital. With this in mind, the major objective of this study is to design a framework, through which we can explain the differences between the results of t...



Publication date: 2004