Oh what a tangled web we weave… … when first to thread we do conceive Lecture 24, Dec 08.

Slides:



Advertisements
Similar presentations
DATA STRUCTURES Lecture: Interfaces Slides adapted from Prof. Steven Roehrig.
Advertisements

Multi-threaded applications SE SE-2811 Dr. Mark L. Hornick 2 What SE1011 students are told… When the main() method is called, the instructions.
Race Conditions. Isolated & Non-Isolated Processes Isolated: Do not share state with other processes –The output of process is unaffected by run of other.
Concurrency.
George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.
Race Conditions Critical Sections Deker’s Algorithm.
Java Puzzlers. Administrivia Reminder: Final exam Can replace final w/ midterm if you warn me Reminder: Final project One group still needs to schedule.
Administrivia P2 all grades available now Relative importance of scores M1: 30% M2: 30% Rollout: 40% P3 -- good progress so far! Looks like a lot of the.
Building Secure Software Chapter 9 Race Conditions.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Talking to Threads. Administriva Grade summary today.
Race Conditions and Security. News o’ the day Java security flaws 3 bugs in Sun’s JRE Elevation of privilege, execution of arbitrary code, read/write.
Give an example to show the advantages to using multithreaded Clients See page 142 of the core book (Tanebaum 2002).
Oh what a tangled web we weave when first to thread we do conceive.
Proxy Design Pattern Source: Design Patterns – Elements of Reusable Object- Oriented Software; Gamma, et. al.
Threads in Java1 Concurrency Synchronizing threads, thread pools, etc.
CS252: Systems Programming Ninghui Li Final Exam Review.
Concurrency Recitation – 2/24 Nisarg Raval Slides by Prof. Landon Cox.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
The Client-Server Model – part II
An program As a simple example of socket programming we can implement a program that sends to a remote site As a simple example of socket.
1 Object-Oriented Software Engineering CS Interfaces Interfaces are contracts Contracts between software groups Defines how software interacts with.
Concurrency, Mutual Exclusion and Synchronization.
Cli/Serv.: Dist. Prog./21 Client/Server Distributed Systems v Objectives –explain the general meaning of distributed programming beyond client/server.
CS 11 java track: lecture 1 Administrivia need a CS cluster account cgi-bin/sysadmin/account_request.cgi need to know UNIX
Lecture 2 Foundations and Definitions Processes/Threads.
Processes & Threads Bahareh Goodarzi. Single & Multiple Thread of control code files data code files data.
Consider the following Java code Race Conditions public class Shared { private int data; public Shared() { data = 0; } public void setData(int r) { data.
Netprog: Java Intro1 Crash Course in Java. Netprog: Java Intro2 Why Java? Network Programming in Java is very different than in C/C++ –much more language.
CSEP 545 Transaction Processing for E-Commerce Course Information Spring (March – May) 2007.
1 - 1 CS230: Data Structures Spring 2007 Reading:Downey: Chapters 1, 2, 3, Sections , 4.13, , Chapters 5 and 6 Problem Set:Problem Set.
Internet Software Development Controlling Threads Paul J Krause.
School of Engineering and Computer Science Victoria University of Wellington Copyright: Peter Andreae david streader, VUW Networking and Concurrency COMP.
Threads & Networking C# offers facilities for multi threading and network programming an application roughly corresponds to a process, handled by the OS.
Lecture 14 Page 1 CS 236 Online Race Conditions A common cause of security bugs Usually involve multiprogramming or multithreaded programs Caused by different.
BEGINNING PROGRAMMING.  Literally – giving instructions to a computer so that it does what you want  Practically – using a programming language (such.
CIS Intro to JAVA Lecture Notes Set July-05 GUI Programming – Home and reload buttons for the webbrowser, Applets.
Threads in Java1 Concurrency Synchronizing threads, thread pools, etc.
Lecture 14 Page 1 CS 236 Online Variable Initialization Some languages let you declare variables without specifying their initial values And let you use.
Threads. Objectives You must be able to answer the following questions –What code does a thread execute? –What states can a thread be in? –How does a.
1.Reading from Keyboard 2.Main programs 3.Responsibilities 1 CS12230 Introduction to Programming Lecture 2or3-Other things.
Secure Operating Systems Lesson F: Capability Based Systems.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 9: Designing Exceptionally.
Group 9. Exploiting Software The exploitation of software is one of the main ways that a users computer can be broken into. It involves exploiting the.
Jeopardy $100 VariablesErrorsLoops Classes and Objects Program Structure $200 $300 $400 $500 $400 $300 $200 $100 $500 $400 $300 $200 $100 $500 $400 $300.
CSC 480 Software Engineering Lab 2 – Multi-Threading Oct 18, 2002.
Concurrency in Java MD. ANISUR RAHMAN. slide 2 Concurrency  Multiprogramming  Single processor runs several programs at the same time  Each program.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
Principles of Software Development
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
SE /11/2018 If you think the internet is not working in its current incarnation, you can’t change the system through think-pieces and F.C.C. regulations.
Multithreaded Programming in Java
CS 3630 Database Design and Implementation
CS-0401 INTERMEDIATE PROGRAMMING USING JAVA
CNT 4007C Project 2 Good morning, everyone. In this class, we will have a brief look at the project 2. Project 2 is basically the same with project 1.
CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
Concurrency: Mutual Exclusion and Process Synchronization
(Computer fundamental Lab)
9. Threads SE2811 Software Component Design
January 15, 2004 Adrienne Noble
9. Threads SE2811 Software Component Design
Foundations and Definitions
CSE 153 Design of Operating Systems Winter 2019
CSE 542: Operating Systems
9. Threads SE2811 Software Component Design
Race Condition Vulnerability
Presentation transcript:

Oh what a tangled web we weave… … when first to thread we do conceive Lecture 24, Dec 08

Dictionary confusions Most people’s definition of “delay”: de· lay |di ˈ lā| (n): A period of time by which something is late or postponed CS35 1 8:009:0010:0011:0012:001:002:003:00 CS35 1 8:009:0010:0011:0012:001:002:003:00

Dictionary confusions UNM’s definition of “delay”: de· lay |di ˈ lā| (n): Cancel some stuff, but make no other changes. CS35 1 8:009:0010:0011:0012:001:002:003:00 CS35 1 ??? 8:009:0010:0011:0012:001:002:003:00

Administrivia Final exam reminder Tue, Dec 15, 12:30-2:30 PM; normal room Rollout/end of semester party Fri, Dec 18 noon FEC309 lab Show off swank software, see each other’s projects, kick back, celebrate the end of CS351 If you RSVP, Prof Lane will spring for lunch

Whence and Whither Last time Memory diagrams … ad nauseum Today More memory diagrams! Yay! Specifically, threading model + memory Threading, race conditions, security, and you...

(Yet) Mo’ Memory

The setup... public class DataBlob { public DataBlob() { _data=new HashMap (); } public void addThing(String id, Object thing) { _data.put(id,thing); } public Object getThing(String id) { return _data.get(id); } private final Map _data; }

The setup... public class ClientListener implements Runnable { public ClientListener(Socket s, DataBlob b) { assert s!=null; assert b!=null; _boredNow=false; _dataPort=s; _store=b; _in=new ObjectInputStream(s.getInputStream()); } public void run() { while (!_boredNow) { Object o=_in.readObject(); _store.addThing(o.toString(),o); } private final ObjectInputStream _in; private final Socket _dataPort; private final DataBlob _store; private boolean _boredNow; }

The setup... public class Server { public static void main(String[] args) { final DataBlob d=new DataBlob(); boolean stuffToDo=true; // set up the server thread, sockets, and so on final Socket p=null; ClientListener cl1=new ClientListener(p,d); ClientListener cl2=new ClientListener(p,d); final Thread ct1=new Thread(cl1); final Thread ct2=new Thread(cl2); ct1.start(); ct2.start(); // enter the main processing loop while (stuffToDo) { final String id="whatever"; final Object thing=data.getThing(id); final Object newThing=_modify(thing); data.addThing(newThing.toString(),newThing); }

Race Conditions & Security

Race Cond. & Security Atomicity failures can sometimes be exploited to break security on multiprocessing systems One of the top 10 classes of exploits since... mid-1980’s, at least 100’s (or more) of reported vulnerabilities Half dozen or so (reported) since July of this year...

The core exploit Privileged program creates a resource Hostile program grabs a shared resource (e.g., file): Before it is created (predicting its name/handle) After it is created, but before it is secured Privileged program accesses (R/W) resource Hostile program controls what privileged program sees

You thought you were safe Independent of language: Java will not save you! Beware when writing privileged code! N.b.: Sometimes your never-intended-to-be- secure code will be run in privileged context! Happens a lot on the web...

Basic Race Cond. Exploit priv proc

Basic Race Cond. Exploit priv proc file /tmp/foo write() read() close() unlink() open(“/tmp/foo”, O_RDWR | O_CREAT);

Basic Race Cond. Exploit priv proc open(“/tmp/foo”, O_RDWR | O_CREAT); file /tmp/foo write() read() close() unlink() hostile proc open(...) read()

Basic Race Cond. Exploit priv proc open(“/tmp/foo”, O_RDWR | O_CREAT); file /tmp/foo write() read() close() unlink() hostile proc chmod()

Basic Race Cond. Exploit priv proc open(“/tmp/foo”, O_RDWR | O_CREAT); file /tmp/foo write() read() close() unlink() hostile proc chmod() open(...)

Basic Race Cond. Exploit priv proc open(“/tmp/foo”, O_RDWR | O_CREAT); file /tmp/foo write() read() close() unlink() hostile proc umask()

Basic Race Cond. Exploit priv proc open(“/tmp/foo”, O_RDWR | O_CREAT); file /tmp/foo write() read() close() unlink() hostile proc umask() open(...) read()

Basic Race Cond. Exploit priv proc open(“/tmp/foo”, O_RDWR | O_CREAT); file /tmp/foo write() read() close() unlink() hostile proc umask() symlink(“/tmp/foo”, “/etc/passwd”)

Basic Race Cond. Exploit priv proc stat(“/tmp/foo”); if (!exists) { open(“/tmp/foo”, O_RDWR | O_CREAT); } else { error(); } file /tmp/foo write() read() close() unlink() hostile proc umask()

Basic Race Cond. Exploit priv proc stat(“/tmp/foo”); if (!exists) { open(“/tmp/foo”, O_RDWR | O_CREAT); } else { error(); } file /tmp/foo write() read() close() unlink() hostile proc umask() symlink(“/tmp/foo”, “/etc/passwd”)

Preventing FS Race Conds Could create foo in dir owned/writable only by owner of proc Can be hard to ensure this Still have to watch out for filename collisions

Preventing FS Race Conds Could make file names hard to predict (e.g., picked randomly) Exploit still possible; hard to make fnames really random Similar “prediction” attack used to break early Netscape implementation of SSL

Preventing FS Race Conds Ultimate answer: use OS atomicity facilities open(“/tmp/foo”, O_RDWR | O_CREAT | O_EXCL) Similar mechanisms used at OS level to ensure atomic access to locks/monitors atomicTestAndSet(), et al. Harder w/ distributed databases -- data lives on multiple hosts DBs usually offer atomic access mechanisms for you Always be on guard!

Screwing up in Java private Thread _myLock=null; public void myCriticalMethod() { while (_myLock!=null); _myLock=Thread.currentThread(); // do mutex critical section code _myLock=null; }

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.