File-based Race Condition Attacks on Multiprocessors Are Practical ThreatReport as inadecuate


File-based Race Condition Attacks on Multiprocessors Are Practical Threat


File-based Race Condition Attacks on Multiprocessors Are Practical Threat - Download this document for free, or read online. Document in PDF available to download.

TOCTTOU Time-of-Check-to-Time-of-Use attacks exploit race conditions in file systems. Although TOCTTOU attacks have been known for 30 years, they have been considered -low risk- due to their typically low probability of success, which depends on fortuitous interleaving between the attacker and victim processes. For example, recent discovery of TOCTTOU vulnerability in vi showed a success rate in low single digit percentages for files smaller than 1MB size. In this paper, we show that in a multiprocessor the uncertainties due to scheduling are reduced, and the success probability of vi attack increases to almost 100% for files of 1 byte size. Similarly, another recently discovered vulnerability in gedit, which had almost zero probability of success, changes to 83% success rate on a multiprocessor. The main reason for the increased success rate to almost certainty is the speed up of attacker process when running on a dedicated processor. These case studies show the sharply increased risks represented by file-based race condition attacks such as TOCTTOU on the next generation multiprocessors, e.g., those with multi-core processors.



CERCS Technical Reports -



Author: Wei, Jinpeng - Pu, Calton - -

Source: https://smartech.gatech.edu/







Related documents