Sciweavers

Share
VEE
2012
ACM

Protecting applications against TOCTTOU races by user-space caching of file metadata

7 years 5 months ago
Protecting applications against TOCTTOU races by user-space caching of file metadata
Time Of Check To Time Of Use (TOCTTOU) race conditions for file accesses in user-space applications are a common problem in Unix-like systems. The mapping between filename and inode and device is volatile and can provide the necessary preconditions for an exploit. Applications use filenames as the primary attribute to identify files but the mapping between filenames and inode and device can be changed by an attacker. DynaRace is an approach that protects unmodified applications from file-based TOCTTOU race conditions. DynaRace uses a transparent mapping cache that keeps additional state and metadata for each accessed file in the application. The combination of file state and the current system call type are used to decide if (i) the metadata is updated or (ii) the correctness of the metadata is enforced between consecutive system calls. DynaRace uses user-mode path resolution internally to resolve individual file atoms. Each file atom is verified or updated according to th...
Mathias Payer, Thomas R. Gross
Added 25 Apr 2012
Updated 25 Apr 2012
Type Journal
Year 2012
Where VEE
Authors Mathias Payer, Thomas R. Gross
Comments (0)
books