Concurrency Attacks

Abstract

Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. Questions such as whether these attacks are feasible and what characteristics they have remain largely unknown. In this paper, we present a preliminary study of concurrency attacks and the security implications of real world concurrency errors. Our study yields several interesting findings. For instance, we observe that the exploitability of a concurrency error depends on the duration of the timing window within which the error may occur. We further observe that attackers can increase this window through carefully crafted inputs. We also find that four out of five commonly used sequential defenses become unsafe when applied to concurrent programs. Based on our findings, we propose new defense directions and fixes to existing defenses.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 07, 2012
Accession Number
AD1145362

Entities

People

  • Ang Cui
  • Junfeng Yang
  • Sal Stolfo
  • Simha Sethumadhaven

Organizations

  • Columbia University

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Computer Programming
  • Computer Science
  • Computers
  • Detection
  • Detectors
  • Intrusion Detection
  • Intrusion Detectors
  • Language
  • Multithreading
  • Object Oriented Programming
  • Operating Systems
  • Programming Languages
  • Systems Engineering
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Approximation Theory.
  • Artificial Intelligence
  • Systems Analysis and Design