Portably Solving File TOCTTOU Races with Hardness Amplification
Tomer Hertz | Dan Tsafrir | David A. Wagner | Dilma Da Silva
[1] David A. Wagner, et al. Setuid Demystified, 2002, USENIX Security Symposium.
[2] Dawson R. Engler, et al. RacerX: effective, static detection of race conditions and deadlocks, 2003, SOSP '03.
[3] Arnab Ray, et al. Preventing race condition attacks on file-systems, 2005, SAC '05.
[4] William S. McPhee. Operating System Integrity in OS/VS2, 1974, IBM Syst. J.
[5] Dawson R. Engler, et al. Checking system rules using system-specific, programmer-written compiler extensions, 2000, OSDI.
[6] Andrew Chi-Chih Yao, et al. Theory and Applications of Trapdoor Functions (Extended Abstract), 1982, FOCS.
[7] Steve J. Chapin, et al. Detection of file-based race conditions, 2005, International Journal of Information Security.
[8] David Mazières, et al. Secure applications need flexible operating systems, 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).
[9] Dawson R. Engler, et al. Using programmer-written compiler extensions to catch security holes, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[10] David A. Wagner, et al. MOPS: an infrastructure for examining security properties of software, 2002, CCS '02.
[11] Matt Bishop, et al. Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux, 1995.
[12] Wei Tu, et al. Model checking an entire Linux distribution for security violations, 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).
[13] Calton Pu, et al. Multiprocessors May Reduce System Dependability under File-Based Race Condition Attacks, 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).
[14] Brian Chess, et al. Improving computer security using extended static checking, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[15] Samuel T. King, et al. Detecting past and present intrusions through vulnerability-specific predicates, 2005, SOSP '05.
[16] Pankaj Jalote, et al. Monitoring the Security Health of Software Systems, 2006, 2006 17th International Symposium on Software Reliability Engineering.
[17] Crispin Cowan, et al. RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities, 2001, USENIX Security Symposium.
[18] T. Redmond, et al. Noninterference and intrusion detection, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[19] Frank B. Schmuck, et al. Experience with transactions in QuickSilver, 1991, SOSP '91.
[20] Jongwoon Park, et al. RPS: An Extension of Reference Monitor to Prevent Race-Attacks, 2004, PCM.
[21] Eugene Tsyrklevich, et al. Dynamic Detection and Prevention of Race Conditions in File Accesses, 2003, USENIX Security Symposium.
[22] Gary McGraw, et al. ITS4: a static vulnerability scanner for C and C++ code, 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).
[23] Jun-ichiro itojun Hagino. E – RFC3542 “Advanced Sockets Application Program Interface (API) for IPv6”, 2005.
[24] Calton Pu, et al. TOCTTOU vulnerabilities in UNIX-style file systems: an anatomical study, 2005, FAST'05.
[25] Matt Bishop, et al. Checking for Race Conditions in File Accesses, 1996, Comput. Syst.
[26] Alan J. Hu, et al. Fixing Races for Fun and Profit: How to Use access(2), 2004, USENIX Security Symposium.
[27] Nikita Borisov, et al. Fixing Races for Fun and Profit: How to Abuse atime, 2005, USENIX Security Symposium.
[28] S. Venkatesan, et al. A Unified Approach to Detecting Binding Based Race Condition Attacks, 2003.
[29] Erez Zadok, et al. Extending ACID semantics to the file system, 2007, TOS.
[30] Matt Thomas, et al. Advanced Sockets Application Program Interface (API) for IPv6, 2003, RFC.
[31] Calton Pu, et al. A Methodical Defense against TOCTTOU Attacks: The EDGI Approach, 2006.
[32] Dawson R. Engler, et al. Bugs as deviant behavior: a general approach to inferring errors in systems code, 2001, SOSP.