A Methodical Defense against TOCTTOU Attacks: The EDGI Approach
Abstract
TOCTTOU is a challenging and significant problem, involving two-step (check and use) file object access by a victim process and simultaneously an attacker access to the same file object in-between the two steps. We describe a model-based, event-driven defense mechanism (called EDGI), which prevents such attacks by stopping the second process in-between the two steps. Our main contribution is the systematic design and implementation of EDGI defense and its evaluation. EDGI has no false negatives and very few false positives. It works without changing application code or API. A Linux kernel implementation shows the practicality of the EDGI defense, and an experimental evaluation shows low additional overhead on representative workloads.
Similar resources
Modeling and preventing TOCTTOU vulnerabilities in Unix-style file systems
TOCTTOU (Time-of-Check-To-Time-Of-Use) is a file-based race condition in Unix-style systems and characterized by a pair of file object access by a vulnerable program: a check operation establishes certain condition about the file object (e.g., the file exists), followed by a use operation that assumes that the established condition still holds. Due to the lack of support for transactions in Uni...
Portably Solving File TOCTTOU Races with Hardness Amplification
The file-system API of contemporary systems makes programs vulnerable to TOCTTOU (time of check to time of use) race conditions. Existing solutions either help users to detect these problems (by pinpointing their locations in the code), or prevent the problem altogether (by modifying the kernel or its API). The latter alternative is not prevalent, and the former is just the first step: programm...
File-based Race Condition Attacks on Multiprocessors Are Practical Threat
TOCTTOU (Time-of-Check-to-Time-of-Use) attacks exploit race conditions in file systems. Although TOCTTOU attacks have been known for 30 years, they have been considered “low risk” due to their typically low probability of success, which depends on fortuitous interleaving between the attacker and victim processes. For example, recent discovery of TOCTTOU vulnerability in vi showed a success rate...
“Defense” injuries in attacks on humans by domestic dog (Canis lupus familiaris) and jaguar (Panthera onca)
This communication describes two attacks by domestic and wild carnivores in Caceres County, localized in the Pantanal area, an extensive flooded plain in Mato Grosso State, Midwest region of Brazil. The first attack took place in an urban area and was caused by a Rottweiler dog (Canis lupus familiaris) created by the family of the victim. Another attack occurred in a rural area, caused by a jag...
Resilient Configuration of Distribution System versus False Data Injection Attacks Against State Estimation
State estimation is used in power systems to estimate grid variables based on meter measurements. Unfortunately, power grids are vulnerable to cyber-attacks. Reducing cyber-attacks against state estimation is necessary to ensure power system safe and reliable operation. False data injection (FDI) is a type of cyber-attack that tampers with measurements. This paper proposes network reconfigurati...
Publication date: 2006