Oh what a tangled web we weave… … when first to thread we do conceive Lecture 24, Dec 08.


1 Oh what a tangled web we weave… … when first to thread we do conceive Lecture 24, Dec 08

2 Dictionary confusions
Most people’s definition of “delay”:
de·lay |diˈlā| (n): A period of time by which something is late or postponed
[Figure: two timelines, 8:00 to 3:00, each showing the CS351 slot]

3 Dictionary confusions
UNM’s definition of “delay”:
de·lay |diˈlā| (n): Cancel some stuff, but make no other changes.
[Figure: two timelines, 8:00 to 3:00, showing the CS351 slot; the second is marked “???”]

4 Administrivia
- Final exam reminder
    - Tue, Dec 15, 12:30-2:30 PM; normal room
- Rollout/end of semester party
    - Fri, Dec 18 noon
    - FEC309 lab
    - Show off swank software, see each other’s projects, kick back, celebrate the end of CS351
    - If you RSVP, Prof Lane will spring for lunch

5 Whence and Whither
- Last time
    - Memory diagrams … ad nauseam
- Today
    - More memory diagrams! Yay!
    - Specifically, threading model + memory
    - Threading, race conditions, security, and you...

6 (Yet) Mo’ Memory

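7 The setup...

    import java.util.HashMap;
    import java.util.Map;

    public class DataBlob {
        public DataBlob() {
            _data=new HashMap<String,Object>();
        }
        // No synchronization: every caller works on the same HashMap.
        public void addThing(String id, Object thing) {
            _data.put(id,thing);
        }
        public Object getThing(String id) {
            return _data.get(id);
        }
        private final Map<String,Object> _data;
    }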

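8 The setup...

    import java.io.IOException;
    import java.io.ObjectInputStream;
    import java.net.Socket;

    public class ClientListener implements Runnable {
        public ClientListener(Socket s, DataBlob b) throws IOException {
            assert s!=null;
            assert b!=null;
            _boredNow=false;
            _dataPort=s;
            _store=b;
            _in=new ObjectInputStream(s.getInputStream());
        }
        public void run() {
            try {
                while (!_boredNow) {
                    Object o=_in.readObject();
                    _store.addThing(o.toString(),o);
                }
            } catch (IOException | ClassNotFoundException e) {
                // readObject() failed or the stream closed: stop listening
                _boredNow=true;
            }
        }
        private final ObjectInputStream _in;
        private final Socket _dataPort;
        private final DataBlob _store;
        private boolean _boredNow;
    }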

9 The setup...

    import java.io.IOException;
    import java.net.Socket;

    public class Server {
        public static void main(String[] args) throws IOException {
            final DataBlob d=new DataBlob();
            boolean stuffToDo=true;
            // set up the server thread, sockets, and so on
            final Socket p=null;
            ClientListener cl1=new ClientListener(p,d);
            ClientListener cl2=new ClientListener(p,d);
            final Thread ct1=new Thread(cl1);
            final Thread ct2=new Thread(cl2);
            ct1.start();
            ct2.start();
            // enter the main processing loop: three threads now share d
            while (stuffToDo) {
                final String id="whatever";
                final Object thing=d.getThing(id);
                final Object newThing=_modify(thing);
                d.addThing(newThing.toString(),newThing);
            }
        }
        // _modify() is not shown on the slides; placeholder so the class compiles
        private static Object _modify(Object thing) {
            return thing;
        }
    }

10 Race Conditions & Security

11 Race Cond. & Security
- Atomicity failures can sometimes be exploited to break security on multiprocessing systems
- One of the top 10 classes of exploits since... mid-1980’s, at least
- 100’s (or more) of reported vulnerabilities
- Half dozen or so (reported) since July of this year...

12 The core exploit
- Privileged program creates a resource
- Hostile program grabs a shared resource (e.g., file):
    - Before it is created (predicting its name/handle)
    - After it is created, but before it is secured
- Privileged program accesses (R/W) resource
- Hostile program controls what privileged program sees

13 You thought you were safe
- Independent of language: Java will not save you!
- Beware when writing privileged code!
- N.b.: Sometimes your never-intended-to-be-secure code will be run in privileged context!
    - Happens a lot on the web...

14 Basic Race Cond. Exploit
    priv proc

15 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo

16 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: open(...); read()

17 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: chmod()

18 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: chmod(); open(...)

19 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: umask()

20 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: umask(); open(...); read()

21 Basic Race Cond. Exploit
    priv proc:    open("/tmp/foo", O_RDWR | O_CREAT); write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: umask(); symlink("/etc/passwd", "/tmp/foo")

22 Basic Race Cond. Exploit
    priv proc:
        stat("/tmp/foo");
        if (!exists) {
            open("/tmp/foo", O_RDWR | O_CREAT);
        } else {
            error();
        }
        write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: umask()

23 Basic Race Cond. Exploit
    priv proc:
        stat("/tmp/foo");
        if (!exists) {
            open("/tmp/foo", O_RDWR | O_CREAT);
        } else {
            error();
        }
        write(); read(); close(); unlink()
    file:         /tmp/foo
    hostile proc: umask(); symlink("/etc/passwd", "/tmp/foo")

24 Preventing FS Race Conds
- Could create foo in dir owned/writable only by owner of proc
    - Can be hard to ensure this
    - Still have to watch out for filename collisions

25 Preventing FS Race Conds
- Could make file names hard to predict (e.g., picked randomly)
    - Exploit still possible; hard to make fnames really random
    - Similar “prediction” attack used to break early Netscape implementation of SSL

26 Preventing FS Race Conds
- Ultimate answer: use OS atomicity facilities
    - open("/tmp/foo", O_RDWR | O_CREAT | O_EXCL)
- Similar mechanisms used at OS level to ensure atomic access to locks/monitors
    - atomicTestAndSet(), et al.
- Harder w/ distributed databases -- data lives on multiple hosts
    - DBs usually offer atomic access mechanisms for you
- Always be on guard!
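
The stat()-then-open() sequence from slides 22-23 next to the O_EXCL form from slide 26, as an added C example (not from the original slides). The hostile process is simulated by a function call placed in the window; hostile_symlink(), run_case() and every path, including the stand-in for the protected file, are constructed here inside a private mkdtemp() directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char foo[64], target[64];  /* constructed paths inside a private temp dir */

/* Stand-in for the hostile proc being scheduled: makes foo point at target. */
static void hostile_symlink(void) { if (symlink(target, foo) != 0) perror("symlink"); }

/* Slides 22-23: stat(), then open(). The two calls are separate steps. */
static int open_checked(void) {
    struct stat st;
    if (stat(foo, &st) == 0) return -1;         /* "exists": error() */
    hostile_symlink();                          /* lands in the window */
    return open(foo, O_RDWR | O_CREAT, 0600);   /* follows the symlink */
}

/* Slide 26: with O_CREAT|O_EXCL the existence test and the create are one
 * step, and a symlink at the final path component is never followed. */
static int open_exclusive(void) {
    hostile_symlink();                          /* hostile proc got there first */
    return open(foo, O_RDWR | O_CREAT | O_EXCL, 0600);  /* -1, errno EEXIST */
}

/* Returns the protected file's size after the privileged write (0 = untouched). */
long run_case(int exclusive) {
    char dir[] = "/tmp/raceXXXXXX";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(foo, sizeof foo, "%s/foo", dir);
    snprintf(target, sizeof target, "%s/protected", dir);
    close(open(target, O_WRONLY | O_CREAT | O_EXCL, 0600));  /* empty stand-in */
    int fd = exclusive ? open_exclusive() : open_checked();
    if (fd >= 0) {
        if (write(fd, "scratch data", 12) != 12) perror("write");
        close(fd);
    }
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(foo); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("stat()+open(): %ld bytes, O_EXCL: %ld bytes\n", run_case(0), run_case(1));
    return 0;
}
```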

27 Screwing up in Java

    private Thread _myLock=null;

    public void myCriticalMethod() {
        // test ...
        while (_myLock!=null);
        // ... then set: two separate steps, so two threads can both get past the test
        _myLock=Thread.currentThread();
        // do mutex critical section code
        _myLock=null;
    }
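
The test-then-set lock from this slide next to an atomic test-and-set of the kind slide 26 mentions, as an added example in C rather than the slides' Java (not from the original slides). It assumes POSIX threads and C11 atomics; owner, tas, run() and the thread and iteration counts are constructed for the illustration.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

enum { THREADS = 4, ITERS = 50000 };
static atomic_flag tas = ATOMIC_FLAG_INIT;  /* flag for the test-and-set lock */
static atomic_int  owner;    /* models _myLock; 0 stands for null */
static atomic_long counter;  /* shared state the lock should protect */
static bool use_tas;         /* which lock the workers take */

static void lock(int id) {
    if (use_tas) {
        /* One indivisible step: fetch the old value and set the flag. */
        while (atomic_flag_test_and_set(&tas)) sched_yield();
    } else {
        /* Slide 27: test, then set; a second thread can pass the test first. */
        while (atomic_load(&owner) != 0) sched_yield();
        atomic_store(&owner, id);
    }
}
static void unlock(void) {
    if (use_tas) atomic_flag_clear(&tas); else atomic_store(&owner, 0);
}

static void *worker(void *arg) {
    for (int i = 0; i < ITERS; i++) {
        lock((int)(long)arg);
        long v = atomic_load(&counter);  /* critical section: read ... */
        atomic_store(&counter, v + 1);   /* ... then write back */
        unlock();
    }
    return NULL;
}

/* Runs THREADS workers under the chosen lock; returns the final counter. */
long run(bool atomic_lock) {
    pthread_t t[THREADS];
    use_tas = atomic_lock;
    atomic_store(&owner, 0); atomic_store(&counter, 0);
    for (long i = 0; i < THREADS; i++) pthread_create(&t[i], NULL, worker, (void *)(i + 1));
    for (int i = 0; i < THREADS; i++) pthread_join(t[i], NULL);
    return atomic_load(&counter);
}
int main(void) {
    printf("test-then-set: %ld  test-and-set: %ld\n", run(false), run(true));
    return 0;
}
```

The test-then-set count varies from run to run and can fall short of 200000 when two workers are inside the critical section together; the test-and-set count is always exact.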

