Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (3): 1-10. DOI: 10.3778/j.issn.1002-8331.1711-0015

• Hot Topics and Surveys •

A Survey of Race Condition Vulnerability Detection Methods

赵世斌, 周天阳, 朱俊虎, 王清贤

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002
  • Online: 2018-02-01 Published: 2018-02-07

Survey on race condition detection

ZHAO Shibin, ZHOU Tianyang, ZHU Junhu, WANG Qingxian

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China
  • Online: 2018-02-01 Published: 2018-02-07

Abstract (translated from the Chinese): Race condition vulnerabilities caused by resource contention in parallel execution environments are one of the major threats to operating system security today; attackers often exploit them indirectly to carry out attacks such as remote command execution and local privilege escalation. This paper analyses the mechanisms by which race condition vulnerabilities arise under different conditions and how these mechanisms relate to one another, proposes a basic paradigm and a general framework for race condition detection, surveys the technical ideas and development of detection methods for user-mode and kernel-mode race conditions separately, discusses the bottlenecks that limit detection efficiency and possible solutions, and, with reference to the latest applications of the technology, points out future trends and the problems that urgently need to be solved.

Keywords: race condition vulnerability detection, happens-before, lock-set, shared resource operation trace

Abstract: Race condition vulnerabilities caused by resource contention in parallelized execution environments are a serious threat to operating systems. Attackers commonly use this kind of vulnerability to carry out attacks such as remote command execution and local privilege escalation. After analysing the mechanisms behind such vulnerabilities under different conditions, this paper proposes a general race condition detection framework and summarizes the development of race condition detection methods in user mode and kernel mode separately. The bottlenecks limiting detection efficiency and their possible solutions are also discussed. Finally, recent development trends and the problems that remain to be solved are pointed out, with reference to the newest technical applications.

Key words: race condition detection, happens-before, lock-set, shared resource operation trace
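The keywords name the two classic dynamic race detection approaches, lock-set and happens-before, applied to a shared resource operation trace. As an added illustration of the lock-set idea (this is example code written for this page, not code from the surveyed paper or from any tool it cites), the block below implements an Eraser-style lock-set checker and runs it over a constructed trace. The `Op` record, the state names and the sample trace are assumptions of this example, not anything the page defines.

```python
"""Eraser-style lock-set race detection over a constructed trace of
shared-resource operations.  Example code for this page; the trace format
and state names are assumptions of the example."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# States of the Eraser state machine kept per shared location.
VIRGIN, EXCLUSIVE, SHARED, SHARED_MODIFIED = (
    "virgin", "exclusive", "shared", "shared-modified")


@dataclass
class Op:
    thread: str   # thread performing the operation
    kind: str     # "acquire" | "release" | "read" | "write"
    target: str   # lock name for acquire/release, variable name otherwise


@dataclass
class LocState:
    state: str = VIRGIN
    owner: Optional[str] = None          # thread that first touched the location
    candidates: Optional[Set[str]] = None  # C(v): locks held on every shared access


def detect_races(trace: List[Op]) -> List[Tuple[int, str, str]]:
    """Return (trace index, variable, thread) for every access at which the
    candidate lock set C(v) of a shared-modified location becomes empty."""
    held: Dict[str, Set[str]] = {}   # locks currently held, per thread
    locs: Dict[str, LocState] = {}
    reports: List[Tuple[int, str, str]] = []
    for i, op in enumerate(trace):
        locks = held.setdefault(op.thread, set())
        if op.kind == "acquire":
            locks.add(op.target)
            continue
        if op.kind == "release":
            locks.discard(op.target)
            continue
        st = locs.setdefault(op.target, LocState())
        if st.state == VIRGIN:
            st.state, st.owner = EXCLUSIVE, op.thread  # first access ever
            continue
        if st.state == EXCLUSIVE:
            if op.thread == st.owner:
                continue  # still single-threaded (e.g. initialisation)
            # First access from a second thread: C(v) := all locks ∩ held(t).
            st.candidates = set(locks)
            st.state = SHARED_MODIFIED if op.kind == "write" else SHARED
        else:
            st.candidates &= locks  # refine C(v) on every shared access
            if op.kind == "write":
                st.state = SHARED_MODIFIED
        # Read-only sharing (SHARED) is never reported; only writes with no
        # lock consistently protecting the location are.
        if st.state == SHARED_MODIFIED and not st.candidates:
            reports.append((i, op.target, op.thread))
    return reports


def racy_variables(trace: List[Op]) -> List[str]:
    return sorted({var for _, var, _ in detect_races(trace)})


# Constructed sample trace (not from the paper).
SAMPLE_TRACE = [
    # counter: both threads hold lock "m" on every access -> C(counter) = {"m"}
    Op("T1", "acquire", "m"), Op("T1", "write", "counter"), Op("T1", "release", "m"),
    Op("T2", "acquire", "m"), Op("T2", "write", "counter"), Op("T2", "release", "m"),
    # config: written once by T1, afterwards only read -> SHARED, not reported
    Op("T1", "write", "config"),
    Op("T2", "read", "config"), Op("T3", "read", "config"),
    # flag: T1 writes under "m", T2 writes with no lock -> C(flag) = {} -> report
    Op("T1", "acquire", "m"), Op("T1", "write", "flag"), Op("T1", "release", "m"),
    Op("T2", "write", "flag"),
]

if __name__ == "__main__":
    for idx, var, thr in detect_races(SAMPLE_TRACE):
        print(f"possible race on {var!r} at trace op {idx} by {thr}")
```

The checker flags `flag` and stays silent on `counter` and `config`, which is the lock-set discipline in miniature: a location is reported only once it has been written by more than one thread and no single lock was held on all of its shared accesses. Because it ignores ordering, lock-set reports accesses that are in fact ordered by other synchronization (thread creation and join, barriers); happens-before detectors avoid those false positives at the cost of missing races that did not manifest in the observed schedule, which is the trade-off between the two keyword approaches that the survey covers.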