System and method for preventing race condition vulnerability

US 20080016410A1
Filed: 07/11/2006
Published: 01/17/2008
Est. Priority Date: 07/11/2006
Status: Active Grant

First Claim

Patent Images

1. A method for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising the steps of:

classifying the function calls into to a plurality of predefined classes; and

generating a plurality of pairs of the function calls according to a predefined criteria,wherein each pair of the function calls being associated with a file invariant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for identifying vulnerable system call pairs is disclosed. The method is based on a model for identifying Time-Of-Check-To-Time-Of-Use (TOCTTOU) problem (called STEM), which enumerates the potential file system call pairs (called exploitable TOCTTOU pairs) that form the check/use steps. The system function calls are classified into a plurality of predefined classes and pairs of the function calls are formed according to predefined criteria, where the function calls within a pair are associated with the same file invariant.

29 Citations

View as Search Results

28 Claims

1. A method for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising the steps of:
- classifying the function calls into to a plurality of predefined classes; and
  
  generating a plurality of pairs of the function calls according to a predefined criteria,wherein each pair of the function calls being associated with a file invariant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising the steps of:
    - invoking a first function call from a pair of the function calls; and
      
      creating a file invariant.
  - 3. The method of claim 2 further comprising the steps of:
    - starting a timer;
      
      associating the timer with the file invariant; and
      
      disabling the file invariant if the timer expires and there is a function call from a different user.
  - 4. The method of claim 2 further comprising the steps of:
    - invoking a second function call; and
      
      checking information from the second function call against the file invariant.
  - 5. The method of claim 4 further comprising the step of indicating an alert if the information from the second functional call is different from the file invariant.
  - 6. The method of claim 4 further comprising the step of setting a flag if the information from the second functional call is different from the file invariant.
  - 7. The method of claim 1, wherein the step of generating a plurality of pairs further comprising the step of pairing a function call from a first predefined class with a function call from a second predefined class.
  - 8. The method of claim 1, wherein the file invariant being a link between a file name and a file storage location.
  - 9. The method of claim 1, wherein the file invariant being a file ownership information.
  - 10. The method of claim 1, wherein the file invariant being a file size information.
  - 11. The method of claim 1, wherein the plurality of predefined classes include creation, removal, check, and normal use.
  - 12. The method of claim 1, wherein the plurality of pairs being a full list of potential combination of pairs of function calls that conform to the predefined criteria.

13. A system for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising:
- a classifying unit for classifying the function calls into a plurality of predefined classes; and
  
  a generation unit for generating a plurality of pairs of the function calls according to a predefined criteria;
  
  wherein each pair of the function calls being associated with a file invariant.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, further comprising a file invariant creation unit for creating a file invariant when a first function call within a pair of the function calls is invoked.
  - 15. The system of claim 14, further comprising a file invariant checking unit for checking information created when a second function call is invoked against the first file invariant.
  - 16. The system of claim 13, wherein the generation unit further being capable of pairing a function call from a first predefined class with a function call from a second predefined class.
  - 17. The system of claim 13, wherein the file invariant being a link between a file name and a file storage location.
  - 18. The system of claim 13, wherein the file invariant being a file ownership information.
  - 19. The system of claim 13, wherein the file invariant being a file size information.
  - 20. The system of claim 13, wherein the plurality of predefined classes include creation, removal, check, and normal use.

21. An operating system for a computer system with reduced vulnerability, comprising:
- a library of plurality of function calls;
  
  a classifying unit for classifying the function calls into a plurality of predefined classes; and
  
  a generation unit for generating a plurality of pairs of the function calls according to a predefined criteria;
  
  wherein each pair of the function calls being associated with a file invariant.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The operating system of claim 21, further comprising a file invariant creation unit for creating a file invariant when a first function call within a pair of the function calls is invoked.
  - 23. The operating system of claim 22, further comprising a file invariant checking unit for checking information created when a second function call is invoked against the first file invariant.
  - 24. The operating system of claim 21, wherein the generation unit further being capable of pairing a function call from a first predefined class with a function call from a second predefined class.
  - 25. The operating system of claim 21, wherein the file invariant being a link between a file name and a file storage location.
  - 26. The operating system of claim 21, wherein the file invariant being a file ownership information.
  - 27. The operating system of claim 21, wherein the file invariant being a file size information.
  - 28. The operating system of claim 21, wherein the plurality of predefined classes include creation, removal, check, and normal use.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Georgia Tech Research Corporation (University System of Georgia)
Original Assignee
Georgia Tech Research Corporation (University System of Georgia)
Inventors
Wei, Jinpeng, Pu, Calton

Granted Patent

US 8,127,413 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/47
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2105   Dual mode as a secondary as...

System and method for preventing race condition vulnerability

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for preventing race condition vulnerability

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links