Detecting race condition attacks on file systems
Posted on: 2006-07-08 | Degree: M.S. | Type: Thesis
University: University of Missouri - Kansas City | Candidate: Vuchuru, Mayura
GTID: 2458390008975678 | Subject: Computer Science
Abstract/Summary:
Race conditions on files occur when a process assumes that a sequence of operations on a file is atomic. However, during the timing window between two such operations, a malicious process can change characteristics of the file that the victim process is accessing. Hence the victim process will perform its next operation on a modified or different file. Several attacks have successfully exploited these race conditions, causing significant damage, especially when the victim process is running with super-user privileges. Our system provides a mechanism that allows the detection of different types of file-based race condition attacks. This is done by enforcing two types of security policies: generic policies applicable to most programs, and program-specific policies that incorporate a program's behavior. We discuss an evaluation of our system using an attack set we developed from CERT and RedHat Linux advisories.
Keywords/Search Tags: File, Race, Process, Attacks