| 竞态漏洞检测方法综述 |
| |
| 引用本文: | 赵世斌,周天阳,朱俊虎,王清贤.竞态漏洞检测方法综述[J].计算机工程与应用,2018,54(3):1-10. |
| |
| 作者姓名: | 赵世斌 周天阳 朱俊虎 王清贤 |
| |
| 作者单位: | 数字工程与先进计算国家重点实验室,郑州 450002 |
| |
| 摘 要: | 并行化程序运行环境中资源竞争导致的竞态漏洞是当今操作系统安全的重要威胁之一,攻击者常常间接利用竞态漏洞实施诸如远程命令执行、本地提权等攻击行为。分析了不同条件下竞态漏洞的产生机理及其相互关系,提出了竞态漏洞检测基本范式和通用框架,分别综述了用户态和内核态竞态漏洞检测方法的技术思想和发展脉络,讨论了制约检测效率的瓶颈问题以及可能的解决方法,结合最新技术应用指出了未来发展趋势和亟待解决的问题。
|
| 关 键 词: | 竞态漏洞检测 happens-before lock-set 共享资源操作轨迹 |
Survey on race condition detection |
| |
| ZHAO Shibin,ZHOU Tianyang,ZHU Junhu,WANG Qingxian.Survey on race condition detection[J].Computer Engineering and Applications,2018,54(3):1-10. |
| |
| Authors: | ZHAO Shibin ZHOU Tianyang ZHU Junhu WANG Qingxian |
| |
| Affiliation: | State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China |
| |
| Abstract: | Race condition induced by resource race threatens operating system a lot in parallized execution environment. Attackers usually take actions such as remote command execution, local priviledge exploitation etc. By using this kind of vulnerabilities. This paper proposes a general race condition detection framework after analysing vulnerability mechanism in different conditions, and summarizes the development process of race condition detection method in user-mode and kernel-mode separately. The bottleneck of dection efficiency and its solution is also discussed. And the recent development trend and problems need to be solved is pointed in the end, combining newest technique application. |
| |
| Keywords: | race condition detection happens-before lock-set shared resource operation trace |
|
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
