2008
DOI: 10.1145/1416944.1416948
|View full text |Cite
|
Sign up to set email alerts
|

Portably solving file races with hardness amplification

Abstract: The file-system API of contemporary systems makes programs vulnerable to TOCTTOU (timeof-check-to-time-of-use) race conditions. Existing solutions either help users to detect these problems (by pinpointing their locations in the code), or prevent the problem altogether (by modifying the kernel or its API). But the latter alternative is not prevalent, and the former is just the first step: Programmers must still address TOCTTOU flaws within the limits of the existing API with which several important tasks canno… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
32
0

Year Published

2009
2009
2021
2021

Publication Types

Select...
4
4
1

Relationship

0
9

Authors

Journals

citations
Cited by 26 publications
(32 citation statements)
references
References 26 publications
0
32
0
Order By: Relevance
“…TOCTOU races. TOCTOU race detection [32,33,35] has been a hot topic in the security community. Similar to RACEPRO, these systems often perform OS-level detection because file accesses are sanitized by the kernel.…”
Section: Related Workmentioning
confidence: 99%
“…TOCTOU races. TOCTOU race detection [32,33,35] has been a hot topic in the security community. Similar to RACEPRO, these systems often perform OS-level detection because file accesses are sanitized by the kernel.…”
Section: Related Workmentioning
confidence: 99%
“…Many papers on automated source code scanning followed (see [29] for a discussion of publicly available tools). Researchers developed many innovative techniques to detect and fix problems in programs that often led to security vulnerabilities [30]- [33].…”
Section: A Vulnerabilitiesmentioning
confidence: 99%
“…Figure 1 shows an example of ICR. [36,38] races. The difference is that while TOCTTOU races apply to conditions in the file system between competing processes, ICRs apply to memory accesses of multi-threaded programs.…”
Section: Introductionmentioning
confidence: 99%