
Static Analysis of TOCTTOU Vulnerabilities in Unix-Style File System

Cited by: 2
Abstract (translated from the Chinese abstract): TOCTTOU vulnerabilities in the file system are a serious security problem for Unix-style operating systems, and existing static detection methods have very high false positive rates. There are two reasons: first, the function pairs that can cause TOCTTOU vulnerabilities lack a precise definition and analysis; second, the analysis over-abstracts the program and discards a great deal of important program information. Therefore, this paper first classifies TOCTTOU vulnerabilities and systematically analyzes the function pairs in the C standard library that can cause them. On this basis, a static analysis method for TOCTTOU vulnerabilities is proposed that characterizes the vulnerability as a finite-state safety property; the analysis is path-sensitive within procedures and flow-sensitive across procedures. Experimental results show that the method effectively detects TOCTTOU vulnerabilities in C programs and, compared with existing methods, substantially reduces the false positive rate.

Abstract (English, as published): TOCTTOU is a serious threat to Unix-style file systems. All the existing static detection methods have a high false positive rate. There are two reasons: firstly, the function pairs which may cause TOCTTOU vulnerabilities are not defined and enumerated accurately; and secondly, the methods make an over-approximation of the program and omit a lot of useful information. In this paper, we first systematically examine the TOCTTOU pairs in the standard C library. On this basis, a static analysis method is presented to detect TOCTTOU vulnerabilities. A vulnerability is expressed as a finite safety state property. At each program point, a value is associated with a set of states. To make the analysis more precise, the algorithm is inter-procedurally flow-sensitive and intra-procedurally path-sensitive. To achieve scalability, the safety state property of each procedure is analyzed independently and the inter-procedural analysis is summary-based. The experimental results show that this method can effectively find TOCTTOU vulnerabilities in C programs. In comparison with other static methods, this method can effectively reduce the false positive rate.
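The core idea in the abstract, a finite-state safety property evaluated over check/use function pairs keyed by the path argument, can be illustrated with a small scanner. The following is an added example written for this page, not the authors' tool or code from the paper. It assumes an illustrative subset of the C-library pair table (check calls access, stat, lstat, readlink; use calls open, fopen, chmod, chown, unlink, rename, truncate, creat, execve), tracks per path variable the states Unchecked, Checked and Violated, returns a variable to Unchecked when it is reassigned, and reports a finding when a use call follows a check call on the same variable. The C fragments it scans are constructed. Unlike the paper's analysis it is intraprocedural and ignores branches, so it shows the state-property shape of the detection rather than its precision.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Illustrative subset of the check/use pair table (an assumption for this example;
# the paper enumerates the pairs from the C standard library systematically).
CHECK_CALLS = {"access", "stat", "lstat", "readlink"}
USE_CALLS = {"open", "fopen", "chmod", "chown", "unlink", "rename",
             "truncate", "creat", "execve"}

# `name(firstarg` where the first argument is a plain identifier followed by , or )
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(\s*([A-Za-z_]\w*)(?=\s*[,)])")
# `ident = ...` at the start of a statement: rebinding a path variable kills its Checked state
ASSIGN_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s*=[^=]")


@dataclass(frozen=True)
class Finding:
    path_var: str
    check_call: str
    check_line: int
    use_call: str
    use_line: int


def find_tocttou(source: str) -> List[Finding]:
    """Run the Unchecked -> Checked -> Violated property over straight-line C source.

    `checked` holds every path variable currently in the Checked state together with
    the call and line that put it there.  A use call on the same variable is reported
    as a violation; a reassignment of the variable returns it to Unchecked.
    """
    checked: Dict[str, Tuple[str, int]] = {}
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        assign = ASSIGN_RE.match(line)
        if assign:
            checked.pop(assign.group(1), None)      # variable rebound: old check is stale
        for fn, arg in CALL_RE.findall(line):
            if fn in CHECK_CALLS:
                checked[arg] = (fn, lineno)         # Unchecked -> Checked
            elif fn in USE_CALLS and arg in checked:
                check_fn, check_line = checked.pop(arg)   # Checked -> Violated
                findings.append(Finding(arg, check_fn, check_line, fn, lineno))
    return findings


# Constructed C fragments used as input (not from the paper).
VULNERABLE_SRC = """\
const char *path = argv[1];
if (access(path, W_OK) == 0) {
    int fd = open(path, O_WRONLY);   /* the name may be re-bound between access() and open() */
}
"""

HARDENED_SRC = """\
int fd = open(path, O_WRONLY | O_NOFOLLOW);
if (fd >= 0 && fstat(fd, &st) == 0 && st.st_uid == getuid()) {
    write(fd, buf, len);             /* checks are made on the open descriptor, not the name */
}
"""

REBOUND_SRC = """\
if (lstat(path, &st) == 0) {
    path = other;
    unlink(path);                    /* different name: no check/use pair */
}
"""

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC),
                       ("hardened", HARDENED_SRC),
                       ("rebound", REBOUND_SRC)):
        print(label, find_tocttou(src))
```

Only the first fragment produces a finding (access at line 2 followed by open at line 3 on `path`); the hardened fragment makes its checks on the descriptor returned by open(), so no name-based check precedes a use, and the third fragment shows the state being killed by the reassignment of `path`. A real implementation of the paper's approach would additionally need alias information for the path argument and the path- and flow-sensitive propagation the abstract describes.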
Authors: 韩伟 (Han Wei), 贺也平 (He Yeping)
Source: Journal of Computer Research and Development (《计算机研究与发展》), 2011, No. 8, pp. 1430-1437 (8 pages). Indexed in EI and CSCD; Peking University core journal.
Funding: National Natural Science Foundation of China (90818012); National Science and Technology Major Project "核高基" (Core Electronic Devices, High-end Generic Chips and Basic Software) (2010ZX01036-001-002); Chinese Academy of Sciences Knowledge Innovation Program key direction project (KGCX2-YW-125)
Keywords: TOCTTOU vulnerabilities; file race conditions; static analysis; flow-sensitive analysis; path-sensitive analysis

References (21)

[1] CVE [EB/OL]. [2011-01-21]. http://www.cve.mitre.org.
[2] Wei J, Pu C. Multiprocessors may reduce system dependability under file-based race condition attacks [C] //Proc of the 37th Annual IEEE/IFIP Int Conf on Dependable Systems and Networks. Washington: IEEE Computer Society, 2007: 358-367.
[3] Bishop M, Dilger M. Checking for race conditions in file accesses [J]. Computing Systems, 1996, 9(2): 131-152.
[4] Chen H, Dean D, Wagner D. Model checking one million lines of C code [C] //Proc of the 11th Annual Network and Distributed System Security Symp. Reston: The Internet Society, 2004: 171-185.
[5] Schwarz B, Chen H, Wagner D, et al. Model checking an entire Linux distribution for security violations [C] //Proc of the 21st Annual Computer Security Applications Conf. Washington: IEEE Computer Society, 2005: 13-22.
[6] Cowan C, Beattie S, Wright C, et al. RaceGuard: Kernel protection from temporary file race vulnerabilities [C] //Proc of the 10th USENIX Security Symp. Berkeley: USENIX, 2001: 165-172.
[7] Tsyrklevich E, Yee B. Dynamic detection and prevention of race conditions in file accesses [C] //Proc of the 12th USENIX Security Symp. Berkeley: USENIX, 2003: 243-256.
[8] Uppuluri P, Joshi U, Ray A. Preventing race condition attacks on file-systems [C] //Proc of the 2005 ACM Symp on Applied Computing (SAC 2005). New York: ACM, 2005: 346-353.
[9] Pu C, Wei J. A methodical defense against TOCTTOU attacks: The EDGI approach [C] //Proc of the Int Symp on Secure Software Engineering (ISSSE'06). Washington: IEEE Computer Society, 2006: 399-409.
[10] Wei J, Pu C. Modeling and preventing TOCTTOU vulnerabilities in Unix-style file systems [J]. Computers & Security, 2010, 29(8): 815-830.
