Race condition attacks occur when a process performs a sequence of operations on a file, under the assumption that the operations are being executed "atomically". This can be exploited by a malicious process which changes the characteristics of that file between two successive operations on it by a victim process, thus inducing the victim process to operate on a modified or different file. In this paper we present a practical approach to detect and prevent such race condition attacks. We monitor file operations and enforce policies which prevent the exploitation of the temporal window between any consecutive file operations by a process. Our approach does not rely on knowledge of previously known attacks. In addition, our experiments on Linux demonstrated that attacks can be detected with false alarms of less than 3% and with performance overheads of less than 8% of the processes' execution time.
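The monitoring idea in the abstract, as an added Python example that is not code from the paper: it scans a constructed trace of file operations and flags any path whose name-to-file binding changes between two consecutive operations by the same process. The event format, the `detect_races` function and the sample trace are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Operations that rebind a path name to a different file (assumed set).
MUTATING = {"unlink", "rename", "symlink", "link"}

@dataclass(frozen=True)
class Event:
    seq: int                          # global order of the operation
    pid: int                          # process issuing it
    op: str                           # operation name
    path: str                         # path name operated on
    file_id: Optional[tuple] = None   # (device, inode) the path resolved to

def detect_races(events):
    """Return one alert per window in which a path was rebound between
    two consecutive operations on it by the same process."""
    last_use = {}   # (pid, path) -> previous non-mutating Event
    rebinds = {}    # path -> mutating Events seen so far
    alerts = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.op in MUTATING:
            rebinds.setdefault(ev.path, []).append(ev)
            continue
        prev = last_use.get((ev.pid, ev.path))
        if prev is not None:
            # Rebinds by other processes inside the window (prev, ev).
            inside = [m for m in rebinds.get(ev.path, [])
                      if prev.seq < m.seq < ev.seq and m.pid != ev.pid]
            if inside or prev.file_id != ev.file_id:
                alerts.append({
                    "pid": ev.pid,
                    "path": ev.path,
                    "window": (prev.op, ev.op),
                    "interfering_pids": sorted({m.pid for m in inside}),
                })
        last_use[(ev.pid, ev.path)] = ev
    return alerts

# Constructed trace: pid 100 checks then opens /tmp/report while pid 200
# replaces the name in between; pid 300 works on /tmp/log undisturbed.
SAMPLE_TRACE = [
    Event(1, 100, "access", "/tmp/report", (8, 1001)),
    Event(2, 200, "unlink", "/tmp/report"),
    Event(3, 200, "symlink", "/tmp/report"),
    Event(4, 100, "open", "/tmp/report", (8, 77)),
    Event(5, 300, "stat", "/tmp/log", (8, 2002)),
    Event(6, 300, "open", "/tmp/log", (8, 2002)),
]
```

The check keys only on the ordering of operations and the identity of the file behind the name, so it needs no signature of a particular attack.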