An Information Flow Approach for Preventing Race Conditions: Dynamic Protection of the Linux OS

Abstract: In the literature, the notion of a Race Condition deals with the interference between two processes A and B carrying out three interactions involving a shared object. The second interaction, performed by the concurrent process B, interleaves with the first and third interactions of process A. Preventing Race Condition attacks between concurrent processes is still an open problem. Many limitations remain, such as preventing only Race Conditions on a file system or controlling only direct interactions with the shared context. This paper covers those various problems. First, it gives a formal definition of direct and indirect information flows at the scale of a complete operating system. Second, it proposes a general formalization of Race Conditions using those information flows. In contrast with existing formalizations, our definition is very effective and can be implemented on any operating system. Third, it provides a Mandatory Access Control (MAC) that makes it possible to prevent general Race Conditions at the scale of a whole Linux operating system. The Race Conditions can be easily expressed as a Security Properties policy. A honeypot experiment provides a large-scale evaluation of our dynamic MAC enforcement. It shows its efficiency in preventing both direct and indirect Race Conditions. The performance results encourage us to pursue our approach of a dynamic MAC for enforcing a larger range of security properties.
Document type:
Journal article
International Journal On Advances in Software, IARIA, 2011, 4 (1&2), pp.34-45

https://hal.archives-ouvertes.fr/hal-00658000
Contributor: Patrice Clemente
Submitted on: Monday, 9 January 2012 - 16:20:38
Last modified on: Wednesday, 29 November 2017 - 10:19:50

Identifiers

  • HAL Id: hal-00658000, version 1

Citation

Jonathan Rouzaud-Cornabas, Patrice Clemente, Christian Toinard. An Information Flow Approach for Preventing Race Conditions: Dynamic Protection of the Linux OS. International Journal On Advances in Software, IARIA, 2011, 4 (1&2), pp.34-45. 〈hal-00658000〉
