Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 14 Page 1 CS 236 Online Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different.

Published byCameron Claud Riley Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 14 Page 1 CS 236 Online Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different."— Presentation transcript:

1 Lecture 14 Page 1 CS 236 Online Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different threads of control operating in unpredictable fashion –When programmer thought they’d work in a particular order

2 Lecture 14 Page 2 CS 236 Online What Is a Race Condition? A situation in which two (or more) threads of control are cooperating or sharing something If their events happen in one order, one thing happens If their events happen in another order, something else happens Often the results are unforeseen

3 Lecture 14 Page 3 CS 236 Online Security Implications of Race Conditions Usually you checked privileges at one point You thought the next lines of code would run next –So privileges still apply But multiprogramming allows things to happen in between

4 Lecture 14 Page 4 CS 236 Online The TOCTOU Issue Time of Check to Time of Use Have security conditions changed between when you checked? And when you used it? Multiprogramming issues can make that happen Sometimes under attacker control

5 Lecture 14 Page 5 CS 236 Online A Short Detour In Unix, processes can have two associated user IDs –Effective ID –Real ID Real ID is the ID of the user who actually ran it Effective ID is current ID for access control purposes Setuid programs run this way System calls allow you to manipulate it

6 Lecture 14 Page 6 CS 236 Online Effective UID and Access Permissions Unix checks accesses against effective UID, not real UID So setuid program uses permissions for the program’s owner –Unless relinquished Remember, root has universal access privileges

7 Lecture 14 Page 7 CS 236 Online An Example Code from Unix involving a temporary file Runs setuid root res = access(“/tmp/userfile”, R_OK); If (res != 0) die(“access”); fd = open(“/tmp/userfile”,O_RDONLY);

8 Lecture 14 Page 8 CS 236 Online What’s (Supposed to Be) Going on Here? Checked access on /tmp/userfile to make sure user was allowed to read it –User can use links to control what this file is access() checks real user ID, not effective one –So checks access permissions not as root, but as actual user So if user can read it, open file for read –Which root is definitely allowed to do Otherwise exit

9 Lecture 14 Page 9 CS 236 Online What’s Really Going On Here? This program might not run uninterrupted OS might schedule something else in the middle In particular, between those two lines of code

10 Lecture 14 Page 10 CS 236 Online How the Attack Works Attacker puts innocuous file in /tmp/userfile Calls the program Quickly deletes file and replaces it with link to sensitive file –One only readable by root If timing works, he gets secret contents

11 Lecture 14 Page 11 CS 236 Online The Dynamics of the Attack /tmp/userfile res = access(“/tmp/userfile”, R_OK); if (res != 0) die(“access”); fd = open(“/tmp/userfile”,O_RDONLY); /etc/secretfile 1.Run program 2.Change file Let’s try that again! One more time! Success!

12 Lecture 14 Page 12 CS 236 Online How Likely Was That? Not very –The timing had to be just right But the attacker can try it many times –And may be able to influence system to make it more likely And he only needs to get it right once Timing attacks of this kind can work The longer between check and use, the more dangerous

13 Lecture 14 Page 13 CS 236 Online Some Types of Race Conditions File races –Which file you access gets changed Permissions races –File permissions are changed Ownership races –Who owns a file changes Directory races –Directory hierarchy structure changes

14 Lecture 14 Page 14 CS 236 Online Preventing Race Conditions Minimize time between security checks and when action is taken Be especially careful with files that users can change Use locking and features that prevent interruption, when possible Avoid designs that require actions where races can occur

15 Lecture 14 Page 15 CS 236 Online Randomness and Determinism Many pieces of code require some randomness in behavior Where do they get it? As earlier key generation discussion showed, it’s not that easy to get

16 Lecture 14 Page 16 CS 236 Online Pseudorandom Number Generators PRNG Mathematical methods designed to produce strings of random-like numbers Actually deterministic –But share many properties with true random streams of numbers

17 Lecture 14 Page 17 CS 236 Online Attacks on PRNGs Cryptographic attacks –Observe stream of numbers and try to deduce the function State attacks –Attackers gain knowledge of or influence the internal state of the PRNG

18 Lecture 14 Page 18 CS 236 Online An Example ASF Software’s Texas Hold’Em Poker Flaw in PRNG allowed cheater to determine everyone’s cards –Flaw in card shuffling algorithm –Seeded with a clock value that can be easily obtained

19 Lecture 14 Page 19 CS 236 Online Another Example Netscape’s early SSL implementation Another guessable seed problem –Based on knowing time of day, process ID, and parent process ID –Process IDs readily available by other processes on same box Broke keys in 30 seconds

20 Lecture 14 Page 20 CS 236 Online A Recent Case The chip-and-pin system is used to secure smart ATM cards Uses cryptographic techniques that require pseudo-random numbers Cambridge found weaknesses in the PRNG Allows attackers to withdraw cash without your card Seems to be in real use in the wild

21 Lecture 14 Page 21 CS 236 Online How to Do Better? Use hardware randomness, where available Use high quality PRNGs –Preferably based on entropy collection methods Don’t use seed values obtainable outside the program

Download ppt "Lecture 14 Page 1 CS 236 Online Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different."

Similar presentations

TOCTTOU Attacks Don Porter CS 380S

TOCTTOU Attacks Don Porter CS 380S
Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.
Computer Science CSC 405 LabBy Yuzheng Zhou1 CSC 405 Introduction to Computer Security Lab session.

Computer Science CSC 405 LabBy Yuzheng Zhou1 CSC 405 Introduction to Computer Security Lab session.
INSE - Lectures 19 & 20 SE for Real-Time & SE for Concurrency  Really these are two topics – but rather tangled together.

INSE - Lectures 19 & 20 SE for Real-Time & SE for Concurrency  Really these are two topics – but rather tangled together.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
1 The Fortuna PRNG Niels Ferguson. 2 The problem We need to make “random” choices in cryptographic protocols. Computers are deterministic. Standard “random”

1 The Fortuna PRNG Niels Ferguson. 2 The problem We need to make “random” choices in cryptographic protocols. Computers are deterministic. Standard “random”
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.
Building Secure Software Chapter 9 Race Conditions.

Building Secure Software Chapter 9 Race Conditions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.

Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
Bill's Amazing Content Rotator jQuery Content Rotator.

Bill's Amazing Content Rotator jQuery Content Rotator.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.

Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
CS 346 – Chapter 1 Operating system – definition Responsibilities What we find in computer systems Review of –Instruction execution –Compile – link – load.

CS 346 – Chapter 1 Operating system – definition Responsibilities What we find in computer systems Review of –Instruction execution –Compile – link – load.
Phishing scams Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal.

Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Similar presentations

Ads by Google