VOTD: Time of Check, Time of Use - Engineering Secure Software - PowerPoint PPT Presentation



SLIDE 1

SWEN-331: Engineering Secure Software Benjamin S Meyers

VOTD: Time of Check, Time of Use

Engineering Secure Software

Last Revised: September 1, 2020

SLIDE 2


What is Time of Check, Time of Use?

  • Analogy: Jill asks Dan to have tea ready for her when she gets home from work. Dan checks that he has a clean cup, tea, and sugar for Jill’s cup of tea; there is just enough sugar. Satisfied that he can make Jill’s tea, Dan takes a nap. While napping, Dan & Jill’s son, Paul, makes a cup of tea and uses all of the sugar. When Dan wakes up to make tea for Jill, he sees that all of the sugar is gone and panics!


SLIDE 3


What is Time of Check, Time of Use?

  • Dan (Process 1): checks for sugar
  • Paul (Process 2): uses all of the sugar
  • Dan (Process 1): tries to use the sugar, but it isn’t there
  • Dan and Paul are separate processes competing for the same resources
  • This is a race condition: a change in the state of the system between when a condition was checked and when action is taken based on that condition


SLIDE 4


Examples

  • L1 Terminal Fault (L1TF)
    ○ Microprocessors have several layers of cache (L1, L2, L3); the per-core L1 data cache is the smallest (commonly 32 KB) and the fastest
    ○ Every load goes through the page tables: the processor checks the page-table entry for the virtual address, and if the entry’s present bit is clear the load must fault (a “terminal fault”) and return no data
    ○ On affected processors the check and the use are decoupled: while that fault is still pending, the core speculatively takes the physical-address bits out of the not-present entry and forwards whatever the L1 data cache holds at that address to dependent instructions
    ○ The speculative result is thrown away, but its side effects on the cache are not, so data that another process, the kernel, a VM or an SGX enclave left in L1D can be recovered through a cache side channel
    ○ Same shape as TOCTOU: the use (the load) proceeds on state that the check (the page-table entry) said must not be used
    ○ More information from the Red Hat blog


SLIDE 5


Examples

  • PHP
    ○ CVE-2004-0594: the memory_limit abort handler could fire in the middle of zend_hash_init, leaving a partially initialised HashTable that PHP later used as if it were complete
    ○ The fix
  • Debian’s checkinstall script
    ○ CVE-2008-2958: a symlink race on its temporary files; the path is checked, then opened by name again after a local attacker has had time to replace it
    ○ Original bug report


SLIDE 6


Mitigations

  • Whenever possible, make the check and the action a single atomic operation
    ○ If the technology provides a way to check the data and act on it in one transaction, always do that (for example, create a file with O_CREAT|O_EXCL instead of testing whether it exists and then creating it; use a database transaction or compare-and-swap instead of read-then-write)
  • If you can’t be atomic, shrink the window between the check and the use as much as possible (this only makes the race harder to win, not impossible)
  • Limit the number of processes that can access the resource (private directories, restrictive permissions, per-process resources)
  • Recheck the resource after acquiring it, and again after using it: verify the object you actually obtained (fstat on the open descriptor, not stat on the path name) against what the check expected, and treat a mismatch as an attack
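The file-system form of these mitigations, as an added example that is not part of the slides: a reader that checks a path name with access() and then opens the name again (the pattern behind the checkinstall-style symlink races) next to a hardened reader that opens first, verifies the descriptor it actually holds with fstat, and only then uses it, plus an O_CREAT|O_EXCL create for the "check then create" case. The attacker's window is modelled by a `between` hook so the race is deterministic; the file names, contents and the `expected_uid` parameter are constructed for the demo and are not from the slides.

```python
"""Filesystem TOCTOU (CWE-367): a check-then-use reader beside a hardened one.

Added example, not from the slides. The attacker's window is modelled by a
`between` hook that runs after the check and before the use, so the race is
deterministic instead of depending on scheduling luck.
"""
import os
import shutil
import stat
import tempfile


def read_vulnerable(path, between=lambda: None):
    """Check with access(2) on the *name*, then open the *name* again.

    Nothing ties the two operations together: if the name is re-bound to a
    different object in the window, open() acts on the new object.
    """
    if not os.access(path, os.R_OK):        # time of check
        raise PermissionError(path)
    between()                               # attacker's window
    with open(path, "rb") as f:             # time of use: path resolved again
        return f.read()


def read_hardened(path, expected_uid, between=lambda: None):
    """Open first, then check the object actually opened, then use that object.

    O_NOFOLLOW refuses to open a symlink at the final path component, and
    fstat() inspects the inode behind the descriptor rather than re-resolving
    the name, so a later swap of the name cannot change what we read.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NOCTTY)
    try:
        st = os.fstat(fd)                   # check the descriptor, not the path
        if not stat.S_ISREG(st.st_mode):
            raise OSError("refusing non-regular file: %s" % path)
        if st.st_uid != expected_uid:       # expected_uid: assumed policy input
            raise PermissionError("unexpected owner on %s" % path)
        between()                           # the window still exists ...
        with os.fdopen(fd, "rb") as f:      # ... but the use is bound to the inode
            fd = -1                         # fdopen now owns the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def create_private_file(path, data):
    """Atomic create: O_CREAT|O_EXCL fails if *anything* already exists at path,
    including a symlink an attacker planted so the write would land elsewhere."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo():
    """Run the name-swap attack against both readers; returns what each read."""
    workdir = tempfile.mkdtemp()
    try:
        public = os.path.join(workdir, "public.txt")   # constructed fixture
        secret = os.path.join(workdir, "secret.txt")   # constructed target
        create_private_file(public, b"PUBLIC")
        create_private_file(secret, b"SECRET")

        def swap_for_symlink():
            # What a local attacker does inside the window: re-bind the
            # checked name to a file the victim should not hand out.
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_vulnerable(public, between=swap_for_symlink)

        os.remove(public)                    # reset the fixture
        create_private_file(public, b"PUBLIC")
        kept = read_hardened(public, os.getuid(), between=swap_for_symlink)

        # Symlink planted *before* the call: O_NOFOLLOW rejects it outright.
        try:
            read_hardened(public, os.getuid())
            blocked = False
        except OSError:
            blocked = True
        return leaked, kept, blocked
    finally:
        shutil.rmtree(workdir)
```

`demo()` returns `(b"SECRET", b"PUBLIC", True)`: the access()/open() pair hands out the attacker's target, the open/fstat/use pair keeps reading the inode it verified, and a symlink that was already in place is refused before any check runs. In the demo both files belong to the same user so it runs unprivileged; the real-world victim is a more privileged process reading on behalf of a less privileged one.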


SLIDE 7


Notes

  • Sometimes, depending on the technology or the situation, TOCTOU vulnerabilities cannot be fully mitigated (for example, when the only available check is by name against a location that a less trusted party can also write to)
  • TOCTOU is usually a concurrency issue
    ○ All of the best design practices for concurrency apply here: keep check and act in one critical section, and never trust a check whose result another thread or process could have invalidated
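The sugar race from the analogy on slides 2 and 3, and the concurrency point above, as an added example that is not part of the slides: Dan and Paul are two threads sharing one pantry; a `between` hook fixes the interleaving so the outcome is reproducible. The `Pantry` class and the scenario helpers are constructed for this demo.

```python
"""Check-then-act on shared state: the slides' sugar race, made deterministic.

Added example, not from the slides. Dan and Paul are two threads sharing one
pantry; a `between` hook runs after the check and before the use so the
interleaving is fixed instead of left to the scheduler.
"""
import threading


class Pantry:
    def __init__(self, sugar):
        self.sugar = sugar
        self._lock = threading.Lock()

    def take_racy(self, amount, between=lambda: None):
        """Check, then act, with nothing holding the state steady in between."""
        if self.sugar < amount:             # time of check
            return False
        between()                           # another thread runs here
        self.sugar -= amount                # time of use, on a stale check
        return True

    def take_atomic(self, amount, between=lambda: None):
        """Same check and act, but inside one critical section (a transaction)."""
        with self._lock:
            if self.sugar < amount:
                return False
            between()                       # others may run, but cannot touch sugar
            self.sugar -= amount
            return True


def scenario(method_name, paul_finishes_inside_window):
    """Dan checks first; Paul runs in Dan's window. Returns (dan, paul, sugar)."""
    pantry = Pantry(sugar=2)                # just enough for one cup
    take = getattr(pantry, method_name)
    result = {}

    def paul_turn():
        result["paul"] = take(2)

    paul = threading.Thread(target=paul_turn)

    def window():
        paul.start()
        if paul_finishes_inside_window:
            paul.join()       # force Paul's whole check-and-use into Dan's window

    result["dan"] = take(2, between=window)
    paul.join()
    return result["dan"], result["paul"], pantry.sugar


def racy_run():
    """Both checks pass, both subtract: the pantry ends at -2 sugar."""
    return scenario("take_racy", paul_finishes_inside_window=True)


def atomic_run():
    """Paul blocks on the lock until Dan's transaction ends, then his check fails.
    Joining Paul inside Dan's critical section would deadlock, so the scenario
    only starts him there and joins after Dan returns."""
    return scenario("take_atomic", paul_finishes_inside_window=False)
```

`racy_run()` returns `(True, True, -2)`: both "processes" saw enough sugar and both took it, which is the impossible state Dan panics about. `atomic_run()` returns `(True, False, 0)`: Paul's check is serialised behind Dan's check-and-use, so exactly one of them gets the sugar and the invariant holds.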
