Multiprocessing environments such as Unix are susceptible to race conditions on the file space, since processes share files in the system. A process accessing a file may get unexpected results while executing in a critical section if the binding between the file name and the file object is altered by another process. Such errors, called time-of-check-to-time-of-use (TOCTTOU) binding flaws, are among the most prevalent security flaws. This paper presents a model that detects TOCTTOU binding flaws by checking the integrity of bindings between file names and file objects at run time and a simplified prototype of the detection model. We discuss the properties of the detection model and its run-time overhead, based on the results of experiments on the prototype.
- Race condition
- Time-of-check-to-time-of-use (TOCTTOU) flaws
ASJC Scopus subject areas
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications