System and method for preventing race condition vulnerability
First Claim
1. A method for reducing vulnerability in a computer system, the computer system having a generation unit, a timer and memory, by identifying vulnerable pairs of function calls, comprising the steps of:
generating, by the generation unit, a plurality of pairs of the function calls according to a predefined criteria;
invoking a first function call from a pair of the function calls by a first user;
creating a file invariant associated with the pair of the function calls, the file invariant having a tainted flag;
starting the timer;
associating the timer with the file invariant;
if a second function call is from the pair of the function calls and is invoked by a second user and the timer has not expired, denying the second function call to the second user;
if the second function call is from the pair of the function calls and is invoked by the second user and the timer has expired, setting the tainted flag for the file invariant and allowing the second function call by the second user;
if the second function call is from the pair of the function calls and is invoked by the first user and the tainted flag for the file invariant is set, denying the second function call to the first user; and
if the second function call is from the pair of the function calls and is invoked by the first user and the tainted flag for the file invariant is not set, allowing the second function call to the first user, removing the file invariant, and stopping the timer.
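To make the four decision rules of claim 1 concrete, here is an added example (not code from the patent) that models the file invariant, its timer and its tainted flag in Python; the monitored pair ("access", "open"), the path, the user names and the two-second timeout are constructed sample values, and the clock is injectable so the scenario can drive timer expiry deterministically.

```python
import time
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"

@dataclass
class FileInvariant:
    """Created when the check half of a pair runs; lives until the use half completes."""
    owner: str        # user who invoked the first (check) call
    started: float    # timer start, in seconds on the supplied clock
    tainted: bool = False

class TocttouMonitor:
    def __init__(self, pairs, timeout, clock=time.monotonic):
        self.pairs = set(pairs)   # generated (check, use) pairs, e.g. ("access", "open")
        self.timeout = timeout    # timer length in seconds (assumed value)
        self.clock = clock        # injectable so tests can control expiry
        self.invariants = {}      # (pair, path) -> FileInvariant

    def first_call(self, user, pair, path):
        """Check step: create the file invariant and start its timer."""
        if pair in self.pairs:    # unmonitored pairs are simply allowed
            self.invariants[(pair, path)] = FileInvariant(user, self.clock())
        return ALLOW

    def second_call(self, user, pair, path):
        """Use step: apply the four rules of claim 1 to a pending invariant."""
        inv = self.invariants.get((pair, path))
        if inv is None:
            return ALLOW          # no pending check step for this path
        expired = self.clock() - inv.started >= self.timeout
        if user != inv.owner:
            if not expired:
                return DENY       # rule 1: another user inside the window
            inv.tainted = True    # rule 2: window passed, allow but mark tainted
            return ALLOW
        if inv.tainted:
            return DENY           # rule 3: owner's use step after interference
        del self.invariants[(pair, path)]   # rule 4: clean completion, timer stops
        return ALLOW

def demo():
    """Constructed scenario: alice checks, a second user tries the use step twice, then alice uses."""
    now = [0.0]
    m = TocttouMonitor({("access", "open")}, timeout=2.0, clock=lambda: now[0])
    trace = [m.first_call("alice", ("access", "open"), "/tmp/report")]
    trace.append(m.second_call("bob", ("access", "open"), "/tmp/report"))    # inside window: denied
    now[0] = 3.0                                                            # timer expires
    trace.append(m.second_call("bob", ("access", "open"), "/tmp/report"))    # allowed, invariant tainted
    trace.append(m.second_call("alice", ("access", "open"), "/tmp/report"))  # owner now denied
    return trace   # returns ['allow', 'deny', 'allow', 'deny']
```

The undisturbed path (owner completes both halves with no interference) removes the invariant, so a later unrelated use step on the same path is not affected.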
Abstract
A method for identifying vulnerable system call pairs is disclosed. The method is based on a model for identifying the Time-Of-Check-To-Time-Of-Use (TOCTTOU) problem (called STEM), which enumerates the potential file system call pairs (called exploitable TOCTTOU pairs) that form the check/use steps. The system function calls are classified into a plurality of predefined classes, and pairs of the function calls are formed according to predefined criteria, where the function calls within a pair are associated with the same file invariant.
27 Claims
1. Independent claim, shown above under First Claim. Dependent claims: 2-11.
12. A system for reducing vulnerability in a computer system by identifying vulnerable pairs of function calls, comprising:
a classifying unit for classifying the function calls into a plurality of predefined classes; and a generation unit for generating a plurality of pairs of the function calls according to a predefined criteria; wherein a file invariant is created by the computer system and associated with a pair of the function calls generated by the generation unit when a first function call from the pair of the function calls is invoked by a first user, the file invariant includes a tainted flag, the tainted flag is set when the pair of function calls is invoked by two different processes, the file invariant is associated with a timer and the timer is set when the first function call from the pair of the function calls is invoked by the first user, if the timer has expired and a second function call in the pair of the function calls is invoked by a second user, allowing the second function call by the second user and setting the tainted flag, and if the second function call in the pair of the function calls is invoked by the first user and the tainted flag is not set, allowing the second function call by the first user, removing the file invariant, and stopping the timer. Dependent claims: 13-19.
20. A computer readable storage device having computer readable code, which when executed by a computer implements an operating system for a computer system with reduced vulnerability, the operating system comprising:
a library of a plurality of function calls; a classifying unit, the classifying unit classifying the function calls into a plurality of predefined classes; and a generation unit, the generation unit generating a plurality of pairs of the function calls according to a predefined criteria, wherein each pair of the function calls is associated with a file invariant when a first function call from the pair of the function calls is invoked by a first user, the file invariant includes a tainted flag, the tainted flag is set when a pair of function calls is invoked by different processes, the file invariant is associated with a timer and the timer is set when the first function call from the pair of the function calls is invoked by the first user, if the timer has expired and a second function call in the pair of the function calls is invoked by a second user, allowing the second function call by the second user and setting the tainted flag, and if the second function call in the pair of the function calls is invoked by the first user and the tainted flag is not set, allowing the second function call by the first user, removing the file invariant, and stopping the timer. Dependent claims: 21-27.