System and method for preventing race condition vulnerability
First Claim
Patent Images
1. A method for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising the steps of:
- classifying the function calls into to a plurality of predefined classes; and
generating a plurality of pairs of the function calls according to a predefined criteria,wherein each pair of the function calls being associated with a file invariant.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for identifying vulnerable system call pairs is disclosed. The method is based on a model for identifying Time-Of-Check-To-Time-Of-Use (TOCTTOU) problem (called STEM), which enumerates the potential file system call pairs (called exploitable TOCTTOU pairs) that form the check/use steps. The system function calls are classified into a plurality of predefined classes and pairs of the function calls are formed according to predefined criteria, where the function calls within a pair are associated with the same file invariant.
29 Citations
28 Claims
-
1. A method for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising the steps of:
-
classifying the function calls into to a plurality of predefined classes; and generating a plurality of pairs of the function calls according to a predefined criteria, wherein each pair of the function calls being associated with a file invariant. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising:
-
a classifying unit for classifying the function calls into a plurality of predefined classes; and a generation unit for generating a plurality of pairs of the function calls according to a predefined criteria; wherein each pair of the function calls being associated with a file invariant. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. An operating system for a computer system with reduced vulnerability, comprising:
-
a library of plurality of function calls; a classifying unit for classifying the function calls into a plurality of predefined classes; and a generation unit for generating a plurality of pairs of the function calls according to a predefined criteria; wherein each pair of the function calls being associated with a file invariant. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
-
Specification