Detection of file-based race conditions

Kyung Suk Lhee, Steve J. Chapin

Research output: Contribution to journalArticle

23 Scopus citations

Abstract

Multiprocessing environments such as Unix are susceptible to race conditions on the file space, since processes share files in the system. A process accessing a file may get unexpected results while executing in a critical section if the binding between the file name and the file object is altered by another process. Such errors, called time-of-check-to-time-of-use (TOCTTOU) binding flaws, are among the most prevalent security flaws. This paper presents a model that detects TOCTTOU binding flaws by checking the integrity of bindings between file names and file objects at run time and a simplified prototype of the detection model. We discuss the properties of the detection model and its run-time overhead, based on the results of experiments on the prototype.

Original languageEnglish (US)
Pages (from-to)105-119
Number of pages15
JournalInternational Journal of Information Security
Volume4
Issue number1-2
DOIs
StatePublished - Feb 1 2005

Keywords

  • Race condition
  • Security
  • Time-of-check-to-time-of-use (TOCTTOU) flaws

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Detection of file-based race conditions'. Together they form a unique fingerprint.

Cite this