Announcements

Center for Information Protection
UC Davis is planning to join the NSF I/UCRC Center for Information Protection. We are looking for companies to join our Industrial Advisory Board.
Find out more here!

Conferences and Workshops

My Links

Other Links

This Quarter’s Classes

Office Hours for This Quarter

Contacting Me

Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux


Citation

  • M. Bishop, “Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux”, Technical Report CSE-95-9, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1995).

Paper

Abstract

A pernicious type of security problem, race conditions create a timing interval in which the manipulation of resources allows an attacker to gain privileges, read and alter protected files, and violate the security policy of the site. The majority of these conditions found on applications and system programs in the UNIX operating system arise during file system manipulation and file accesses. This paper discusses why race conditions arise, presents some examples, and explores ways to alleviate the problem of their occurrence in programs, both through modification of system calls and careful programming. A tool to scan for potential race conditions, as well as a library function to analyze the environment dynamically at run time (and thus detect such conditions) are presented.

Background

This reports on a theory of how to detect race conditions involving file accesses.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh
Last updated on Monday, July 20, 2009 at 10:33:11AM PDT