Concurrency Attacks

Yang, Junfeng; Cui, Ang; Gallagher, John Martin; Stolfo, Salvatore; Sethumadhavan, Lakshminarasimhan

doi:10.7916/D8CV4RN6

2011 Reports

Concurrency Attacks

Yang, Junfeng; Cui, Ang; Gallagher, John Martin; Stolfo, Salvatore; Sethumadhavan, Lakshminarasimhan

Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. In this paper, we present an in-depth study of concurrency attacks and how they may affect existing defenses. Our study yields several interesting findings. For instance, we find that concurrency attacks can corrupt non-pointer data, such as user identifiers, which existing memory-safety defenses cannot handle. Inspired by our findings, we propose new defense directions and fixes to existing defenses.

Subjects

Computer science

Files

cucs-028-11.pdf application/pdf 112 KB Download File

More About This Work

Academic Units: Computer Science
Publisher: Department of Computer Science, Columbia University
Series: Columbia University Computer Science Technical Reports, CUCS-028-11
Published Here: July 11, 2011