The process of name resolution, where names are resolved into resource references, is fundamental to computer science, but its use has resulted in several classes of vulnerabilities. These vulnerabilities are difficult for programmers to eliminate because their cause is external to the program: the adversary changes namespace bindings in the system to redirect victim programs to a resource of the adversary's choosing. Researchers have also found that these attacks are very difficult to prevent systematically. Any successful defense must have both knowledge about the system namespace and the program intent to eradicate such attacks. As a result, finding and fixing program vulnerabilities to such attacks is our best defense. In this paper, we propose the STING test engine, which finds name resolution vulnerabilities in programs by performing a dynamic analysis of name resolution processing to produce directed test cases whenever an attack may be possible. The key insight is that such name resolution attacks are possible whenever an adversary has write access to a directory shared with the victim, so STING automatically identifies when such directories will be accessed in name resolution to produce test cases that are likely to indicate a true vulnerability if undefended. Using STING, we found 21 previously-unknown vulnerabilities in a variety of Linux programs on Ubuntu and Fedora systems, demonstrating that comprehensive testing for name resolution vulnerabilities is practical.
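The key insight above can be checked statically for a single path. The following is an added example, not STING's code and not from the paper: it walks the directories the kernel traverses when resolving a path and reports those where a user other than the victim could bind names. The function name and the adversary model (any non-root user other than the victim; group-writable directories counted as shared) are assumptions made for illustration.

```python
import os
import stat

def adversary_writable_dirs(path, victim_uid):
    """Return [(directory, sticky)] for each existing directory traversed
    while resolving `path` in which a user other than root or `victim_uid`
    may be able to create entries (assumed adversary model)."""
    findings = []
    current = os.sep
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    # Check "/" and every ancestor of the final component; the final
    # name itself is what the adversary would try to bind.
    for part in [""] + parts[:-1]:
        current = os.path.join(current, part)
        try:
            st = os.stat(current)  # follows symlinks, as name resolution does
        except OSError:
            break  # component missing or unreadable: resolution stops here
        if not stat.S_ISDIR(st.st_mode):
            break
        mode = st.st_mode
        # A directory owned by someone other than root or the victim is
        # under that owner's control if the owner can write to it.
        foreign_owner = (st.st_uid not in (0, victim_uid)
                         and bool(mode & stat.S_IWUSR))
        # Assumption: group-writable means the group has other members.
        shared = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
        if shared or foreign_owner:
            # The sticky bit stops others from deleting or renaming the
            # victim's entries, but new names can still be created first.
            findings.append((current, bool(mode & stat.S_ISVTX)))
    return findings

if __name__ == "__main__":
    # /tmp is normally world-writable with the sticky bit set.
    for directory, sticky in adversary_writable_dirs("/tmp/app/out.log",
                                                     os.getuid()):
        print(directory, "sticky" if sticky else "no sticky bit")
```

A flagged directory marks a place where the program's own defenses (for example, opening with `O_NOFOLLOW` or `O_EXCL`) need to be reviewed; it is not by itself proof of a vulnerability.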