http://dx.doi.org/10.13089/JKIISC.2021.31.4.701

Detecting TOCTOU Race Condition on UNIX Kernel Based File System through Binary Analysis  

Lee, SeokWon (Major in Bio Artificial Intelligence, Department of Computer Science and Engineering, Hanyang University)
Jin, Wen-Hui (Major in Bio Artificial Intelligence, Department of Computer Science and Engineering, Hanyang University)
Oh, Heekuck (Major in Bio Artificial Intelligence, Department of Computer Science and Engineering, Hanyang University)
Abstract
A race condition is a vulnerability in which two or more processes access or manipulate a shared resource at the same time, producing unintended results. It can lead to problems such as denial of service and elevation of privilege. When a vulnerability is found in software, the relevant information is documented, but the cause of the vulnerability or the source code is often not disclosed. In such cases, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect Time-Of-Check Time-Of-Use (TOCTOU) race condition vulnerabilities in UNIX kernel-based file systems at the binary level. Various static and dynamic analysis techniques have been studied for detecting this vulnerability. Existing static analysis tools detect it through source code analysis, and few studies have so far been conducted at the binary level. In this paper, we propose a method for detecting TOCTOU race conditions in file systems based on the control flow graph and call graph, using the Binary Analysis Platform (BAP), a static binary analysis tool.
Keywords
TOCTOU Race Condition; Binary Analysis; Vulnerability Detection;