
Race Conditions and Security

News o’ the day
- Java security flaws: 3 bugs in Sun’s JRE
- Elevation of privilege, execution of arbitrary code, read/write local files from remote program
- Time to update your Java config...

Administrivia
- Happy December! tick, tock...
- Happy new moon!
- Reminder: Final exam Dec 13, 12:30 PM, usual room

Time rolls on...
Last time:
- Design principle: early vs. late commitment
- Timer threads
- (Race conditions)
This time:
- Client-side communications
- Race conditions & security (for sure!)

Client-side communications
Issue:
- Data enters client through network listener thread
- GUI being processed on Swing/AWT event queue
- Need to transfer data between them
- Need to handle synchronization...

Classic MVC design
[Diagram. Components: Network Listener thread; Model (GridWorld2d + stuff); GUI data structures (JLabel, etc.); SWING/AWT event proc thread. Labelled interactions: data (server update); set(x,y,data); notify(x,y); get(x,y); GUI event (click, etc.). Callout: "Danger Will Robinson! Multiple access! Data corruption! Here be Monsters!"]

What you want
[Diagram. Same components and interactions as the Classic MVC design diagram: Network Listener thread; Model (GridWorld2d + stuff); GUI data structures (JLabel, etc.); SWING/AWT event proc thread; data (server update); set(x,y,data); notify(x,y); get(x,y); GUI event (click, etc.). Added labels: "A miracle occurs"; "Deferred!"; "WTF?"]

How to get there...
Need some way for listener thread to:
- Store the incoming data temporarily
- Notify the event thread: “Hey! There’s some new data! Come deal with it!”
Requires:
- Synchronized access to temp data store
- Rapid turnaround in listener thread

How to get there...
Clever, clever SWING designers thought of this...
javax.swing.SwingUtilities.invokeLater()
- Takes a Runnable
- Event thread executes Runnable.run() “when it’s convenient”
- After rest of outstanding AWT events have cleared
- Immediately returns control to calling thread (network listener)
- Executes Runnable.run() once
- Does not create a new thread

Network listener code

    public void listenToNetwork(Socket s) {
        while (!toStop) {
            // read from network (readMessage is a placeholder for the read elided on the slide)
            Message data = readMessage(s);
            synchronizedBuffer.add(data);
            // Hand off to the event thread; returns immediately.
            SwingUtilities.invokeLater(new _msgHandler());
        }
    }

    private static class _msgHandler implements Runnable {
        // Runs on the Swing/AWT event thread: drain everything buffered so far.
        public void run() {
            Message m = synchronizedBuffer.remove();
            while (m != null) {
                m.execute(model);
                m = synchronizedBuffer.remove();
            }
        }
    }

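Alternately...

    public void listenToNetwork(Socket s) {
        while (!toStop) {
            // read from network (readMessage is a placeholder for the read elided on the slide)
            Message data = readMessage(s);
            // Each Runnable carries its own message, so no shared buffer is needed.
            SwingUtilities.invokeLater(new _msgHandler(data));
        }
    }

    private static class _msgHandler implements Runnable {
        public _msgHandler(Message m) {
            _data = m;
        }

        // Runs on the Swing/AWT event thread.
        public void run() {
            _data.execute(model);
        }

        private final Message _data;
    }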

A final note
- The example chat client you have does not do this
- May be a bug
- Or the author may know something I don’t
- This is my best understanding from SWING docs
- Caveat emptor!

Race Conditions & Security

Race Cond. & Security
- Atomicity failures can sometimes be exploited to break security on multiprocessing systems
- One of the top 10 classes of exploits since... mid-1980’s, at least
- 100’s (or more) of reported vulnerabilities
- Independent of language: Java will not save you!
- Hostile program grabs a shared resource (e.g., file) before it is secured
- Beware when writing privileged code!
- N.b.: Sometimes your never-intended-to-be-secure code will be run in privileged context!

Basic Race Cond. Exploit
[Diagram, built up over several slides: a privileged process ("priv proc") and a hostile process ("hostile proc") both act on the file /tmp/foo.]

priv proc:

    open("/tmp/foo", O_RDWR | O_CREAT);
    write()
    read()
    close()
    unlink()

hostile proc (one variant per slide):

    open(...) read()
    chmod()
    chmod() open(...)
    umask()
    umask() open(...) read()
    umask() symlink("/etc/passwd", "/tmp/foo")

Basic Race Cond. Exploit (priv proc checks for the file first)

priv proc:

    stat("/tmp/foo");
    if (!exists) {
        open("/tmp/foo", O_RDWR | O_CREAT);
    } else {
        error();
    }
    write()
    read()
    close()
    unlink()

hostile proc (one variant per slide):

    umask()
    umask() symlink("/etc/passwd", "/tmp/foo")

Preventing FS Race Conds
- Could create “foo” in dir owned/writable only by owner of proc
  - Can be hard to ensure this
  - Still have to watch out for filename collisions
- Could make file names hard to predict (e.g., picked randomly)
  - Exploit still possible; hard to make fnames really random
- Ultimate answer: use OS atomicity facilities

      open("/tmp/foo", O_RDWR | O_CREAT | O_EXCL)

- Always be on guard!
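
The stat()-then-open() pattern from the earlier slides beside the O_CREAT | O_EXCL form recommended here, as an added C example that is not part of the original slides. The hostile process's symlink() is simulated in-process inside a private mkdtemp() directory; the names plant_symlink, open_checked, open_atomic and hits_victim and the constructed paths are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for the hostile process: makes `path` a symlink to `victim`. */
static void plant_symlink(const char *victim, const char *path) {
    if (symlink(victim, path) != 0) perror("symlink");
}

/* Check-then-create, as on the stat() slide. Returns an fd or -1. */
static int open_checked(const char *path, const char *victim) {
    struct stat st;
    if (stat(path, &st) == 0) return -1;          /* "exists" -> error() */
    plant_symlink(victim, path);   /* race window, forced open for the demo */
    return open(path, O_RDWR | O_CREAT, 0600);    /* follows the symlink */
}

/* O_EXCL: existence test and creation are one atomic step in the kernel. */
static int open_atomic(const char *path, const char *victim) {
    plant_symlink(victim, path);   /* same interference, just before open */
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);   /* fails: EEXIST */
}

/* Runs one scenario in a private directory (constructed paths). Returns 1 if
   the opener ended up holding the victim file, 0 if not, -1 on setup error. */
int hits_victim(int use_excl) {
    char dir[] = "/tmp/racedemoXXXXXX", victim[64], path[64];
    struct stat vs, fs;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(path, sizeof path, "%s/foo", dir);
    int v = open(victim, O_WRONLY | O_CREAT, 0600);
    if (v < 0 || fstat(v, &vs) != 0) return -1;
    close(v);
    int fd = use_excl ? open_atomic(path, victim) : open_checked(path, victim);
    int hit = 0;
    if (fd >= 0 && fstat(fd, &fs) == 0)           /* same inode as victim? */
        hit = (fs.st_ino == vs.st_ino && fs.st_dev == vs.st_dev);
    if (fd >= 0) close(fd);
    unlink(path); unlink(victim); rmdir(dir);
    return hit;
}

int main(void) {
    printf("checked: %d, atomic: %d\n", hits_victim(0), hits_victim(1));
    return 0;
}
```

With O_CREAT | O_EXCL the open is refused even though the name is only a symlink, because POSIX requires EEXIST in that case regardless of what the link points to.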