Concurrency Attacks and Defenses
Technical Report,01 Jul 2012,30 Jun 2016
Columbia University New York United States
Pagination or Media Count:
Multithreaded programs are getting increasingly pervasive and critical. Unfortunately, they remain extremely difficult to write. This difficulty has led to many subtle but serious concurrency vulnerabilities such as race conditions in real-world multithreaded programs. Just as vulnerabilities in sequential programs can lead to security exploits, concurrency vulnerabilities can also be exploited by attackers to gain privilege, steal information, inject arbitrary code, etc. Concurrency attacks targeting these vulnerabilities are impending see CVE httpwww.cvedetails.comvulnerability-listcweid-362vulnerabilities.html, yet few existing defense techniques can deal with concurrency vulnerabilities. In fact, many of the traditional defense techniques are rendered unsafe by concurrency vulnerabilities. The objective of this project is to take a holistic approach to creating novel program analysisprotection techniques and a system called DASH to secure multithreaded programs and harden traditional defense techniques in a concurrency environment. We do so by selectively combining static and dynamic techniques, thus getting the best of both worlds. We anticipate numerous contributions from this project the main ones are 1 a thorough understanding of concurrency attacks and their implications to traditional defense techniques 2 accurate and effective techniques to detect, avoid, and survive concurrency vulnerabilities and 3 hardening of traditional defense techniques for multithreaded programs. The greatest impact of our project is a novel approach and the DASH system for improving software security and reliability, thus greatly benefiting the Nations cyber security. DASH can also be used for offense the Military can gain new competitive means in cyber warfare by running DASH to identify concurrency vulnerabilities in the infrastructure of hostile nations.
- Computer Programming and Software
- Computer Systems Management and Standards