Checking for Race Conditions in File Accesses
Citation
- M. Bishop and M. Dilger,
“Checking for Race Conditions in File Accesses”,
Technical Report CSE-95-10,
Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562
(Sep. 1995).
Paper
Abstract
We develop a theory of vulnerabilities and their signatures, and use
this theory to categorize race conditions that occur when processes
interact with files in the UNIX operating system and that present
security vulnerabilities. We present a formal language for describing
these vulnerabilities, and derive an underlying characteristic. Using
this characteristic, we present a tool that analyzes programs for
possible race conditions, and present the results of one such analysis
in which five previously undiscovered potential race conditions were
located in a very widely used program. We conclude that the basic theory
and application is sound enough to aid in the detection of those flaws,
and that the methodology appears to generalize well to other classes of
vulnerabilities.
Background
This reports on an experiment in detecting race conditions involving file accesses.
