Most software contains some vulnerabilities, owing to factors such as design flaws and program bugs. Among them, a faulty assumption about file access results in a side effect known as the TOCTTOU vulnerability. A race attack is an attack that exploits this vulnerability. In this paper, we propose a novel mechanism to prevent race attacks: each process maintains the status of the related object at the check step and compares the status at the use step with that of the check step. Since every process must pass through the reference monitor to use an object, it is the most suitable point to detect the attack and respond to it.
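The check-step/use-step comparison described above, as an added example that is not the paper's code: the paper places the comparison in the reference monitor, while this user-space analogue assumes the object's status is its device and inode numbers. The function names and the temporary-directory scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check step: record the object's status (assumed here: device + inode). */
int check_step(const char *path, struct stat *seen) {
    if (lstat(path, seen) != 0 || !S_ISREG(seen->st_mode)) return -1;
    return 0;
}

/* Use step: open the object, then compare the status of what was actually
 * opened with the status recorded at the check step. Returns an fd, or -1
 * when the name no longer refers to the object that was checked. */
int use_step(const char *path, const struct stat *seen) {
    struct stat now;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &now) != 0 || now.st_dev != seen->st_dev ||
        now.st_ino != seen->st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory. If `replaced` is set, a
 * different file is renamed onto the checked name between the two steps.
 * Returns 1 if the use was allowed, 0 if rejected, -1 on setup failure. */
int run_scenario(int replaced) {
    char dir[] = "/tmp/tocttou-XXXXXX", a[64], b[64];
    struct stat seen;
    int fd, allowed = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/target", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    if ((fd = open(a, O_CREAT | O_WRONLY, 0600)) >= 0) close(fd);
    if ((fd = open(b, O_CREAT | O_WRONLY, 0600)) >= 0) close(fd);
    if (check_step(a, &seen) == 0) {
        if (replaced) rename(b, a);
        fd = use_step(a, &seen);
        allowed = fd >= 0;
        if (fd >= 0) close(fd);
    }
    unlink(a); unlink(b); rmdir(dir);
    return allowed;
}
```

Comparing the status of the opened descriptor (`fstat`) rather than re-checking the path is what ties the use step to the object that was actually obtained.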