Race Condition - Building Secure Software - Lecture Slides, Slides of Software Engineering

Download Race Condition - Building Secure Software - Lecture Slides and more Slides Software Engineering in PDF only on Docsity!

Race Condition

Overview

• Sin 16: Race Conditions
• Where does it occur?
• Which languages are affected?
• Critical vs. non-critical
• The different types
• Simple example
• Vulnerability: TOCTTOU
• How to spot them
• Code review
• Testing techniques
• Some threats

Where does it occur?

• Any electronics systems
  • Logic circuits
• Computer software
  • Distributed
  • Multithreaded

Which languages are affected?

• Can be created in any language.
• Languages not supporting threads or forked processes will not be affected but will be more susceptible to “time of check to time of use” (TOCTOU) attacks.

The Different Types

• Static – signal and complement are combined.
• Dynamic – results in multiple transitions, but only one is desired. - Can be avoided by not using more and 2 levels of gates.
• Essential – input has 2 transitions occurring in less time than the total feedback propagation time.

Simple Example

• 2 threads (T1 and T2) would like increment the value of a global integer (NUM).
• Declare the global integer. “int NUM = 0”
• T1 reads, increments, and stores the value into NUM. “0 + 1 = 1”
• T2 reads, increments, and stores the value into NUM. “1 + 1 = 2”
• Output global integer’s new value. “NUM = 2”

Vulnerability: TOCTTOU

• Time-of-check-to-time-of-use bug.
• Created when a process is checking for authentication then does some action upon it while the state may change between time of check and time of use.

How to spot them

• Multiple threads or processes are writing to the same resource. - Shared variable, shared memory, file system, other data stores.
• Files or directories created in common areas.
  • Temporary files.
• Signal handlers.
• Nonreentrant functions.

Testing Techniques

• Run the program on a single processor system.
  • If not crash occurs, move onto the next step.
• Run the program on a fast multiprocessor system. - If crash occurs, may have been caused by race condition.

Some Threats Introduced by Race

Condition [2]

• CVE-2009-

• Summary: Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12. through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
• Published: 09/28/
• CVSS Severity: 7.1 (HIGH)

Continued…

• CVE-2009-

• Summary: Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function.
• Published: 12/08/
• CVSS Severity: 7.1 (HIGH)

Continued…

• CVE-2009-

• Summary: Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
• Published: 12/14/
• CVSS Severity: 5.8 (MEDIUM)