Visible to the public OWL: Understanding and Detecting Concurrency Attacks

TitleOWL: Understanding and Detecting Concurrency Attacks
Publication TypeConference Paper
Year of Publication2018
AuthorsZhao, Shixiong, Gu, Rui, Qiu, Haoran, Li, Tsz On, Wang, Yuexuan, Cui, Heming, Yang, Junfeng
Conference Name2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Date Publishedjun
Keywordsbug-inducing inputs, composability, Computer bugs, Concurrency, Concurrency Attack, concurrency attack exploit scripts, concurrency bug detectors, concurrency control, Concurrent computing, cyber-physical system, Cyber-physical systems, Instruction sets, knowledge representation languages, Linux, Metrics, OWL, OWL source code, Predictive Metrics, program debugging, pubcrawl, public domain software, resilience, Resiliency, security, single-threaded programs, Software Testing, Tools
AbstractJust like bugs in single-threaded programs can lead to vulnerabilities, bugs in multithreaded programs can also lead to concurrency attacks. We studied 31 real-world concurrency attacks, including privilege escalations, hijacking code executions, and bypassing security checks. We found that compared to concurrency bugs' traditional consequences (e.g., program crashes), concurrency attacks' consequences are often implicit, extremely hard to be observed and diagnosed by program developers. Moreover, in addition to bug-inducing inputs, extra subtle inputs are often needed to trigger the attacks. These subtle features make existing tools ineffective to detect concurrency attacks. To tackle this problem, we present OWL, the first practical tool that models general concurrency attacks' implicit consequences and automatically detects them. We implemented OWL in Linux and successfully detected five new concurrency attacks, including three confirmed and fixed by developers, and two exploited from previously known and well-studied concurrency bugs. OWL has also detected seven known concurrency attacks. Our evaluation shows that OWL eliminates 94.1% of the reports generated by existing concurrency bug detectors as false positive, greatly reducing developers' efforts on diagnosis. All OWL source code, concurrency attack exploit scripts, and results are available on github.com/hku-systems/owl.
DOI10.1109/DSN.2018.00033
Citation Keyzhao_owl:_2018