Modeling, Finding, Analyzing and Taming TOCTTOU Vulnerabilities in Unix-Style File Systems
Abstract
Due to their non-deterministic nature, Time of Check To Time of Use (TOCTTOU) vulnerabilities in Unix-style file systems are difficult to find and prevent. We describe a comprehensive model of TOCTTOU vulnerabilities, enumerating 280 file system call pairs that may lead to successful TOCTTOU attacks. Based on this model, we built kernel monitoring and event analysis tools that confirmed known vulnerabilities and discovered new ones (in often-used system utilities such as rpm, vi, and emacs). We evaluated the probability of successfully exploiting these newly discovered vulnerabilities and analyzed in detail the system events during such attacks. We also implemented a kernel-level protection mechanism that can prevent TOCTTOU attacks. Our performance evaluation shows that the dynamic monitoring of system calls introduces non-negligible overhead in microbenchmarks of those file system calls, but its impact on application benchmarks such as Andrew and PostMark is only a few percent.
- Paper published by the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2006-12-08
Authors
- Pu Calton (College of Computing, Georgia Institute of Technology)
- Wei Jinpeng (College of Computing, Georgia Institute of Technology)