Announcements

Center for Information Protection
UC Davis is planning to join the NSF I/UCRC Center for Information Protection. We are looking for companies to join our Industrial Advisory Board.
Find out more here!

Conferences and Workshops

My Links

Other Links

This Quarter’s Classes

Office Hours for This Quarter

Contacting Me

Checking for Race Conditions in File Accesses


Citation

  • M. Bishop and M. Dilger, “Checking for Race Conditions in File Accesses”, Technical Report CSE-95-10, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1995).

Paper

Abstract

We develop a theory of vulnerabilities and their signatures, and use this theory to categorize race conditions that occur when processes interact with files in the UNIX operating system and that present security vulnerabilities. We present a formal language for describing these vulnerabilities, and derive an underlying characteristic. Using this characteristic, we present a tool that analyzes programs for possible race conditions, and present the results of one such analysis in which five previously undiscovered potential race conditions were located in a very widely used program. We conclude that the basic theory and application is sound enough to aid in the detection of those flaws, and that the methodology appears to generalize well to other classes of vulnerabilities.

Background

This reports on an experiment in detecting race conditions involving file accesses.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh
Last updated on Monday, July 20, 2009 at 10:33:11AM PDT