Sciweavers

SP
2009
IEEE

Exploiting Unix File-System Races via Algorithmic Complexity Attacks

14 years 7 months ago
Exploiting Unix File-System Races via Algorithmic Complexity Attacks
We defeat two proposed Unix file-system race condition defense mechanisms. First, we attack the probabilistic defense mechanism of Tsafrir, et al., published at USENIX FAST 2008[26]. We then show that the same attack breaks the kernel-based dynamic race detector of Tsyrklevich and Yee, published at USENIX Security 2003[28]. We then argue that all kernel-based dynamic race detectors must have a model of the programs they protect or provide imperfect protection. The techniques we develop for performing these attacks work on multiple Unix operating systems, on uni- and multi-processors, and are useful for exploiting most Unix file-system races. We conclude that programmers should use provably-secure methods for avoiding race conditions when accessing the file-system.
Xiang Cai, Yuwei Gui, Rob Johnson
Added 21 May 2010
Updated 21 May 2010
Type Conference
Year 2009
Where SP
Authors Xiang Cai, Yuwei Gui, Rob Johnson
Comments (0)