Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review
File-based *Time-of-Check to Time-of-Use* (TOCTOU) race conditions are a well-known type of security vulnerability. A wide variety of techniques have been proposed to detect, mitigate, avoid, and exploit these vulnerabilities over the past 35 years. However, despite these...
Main Authors: | Razvan Raducu, Ricardo J. Rodriguez, Pedro Alvarez |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2022-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9718065/ |
_version_ | 1811342212130144256 |
---|---|
author | Razvan Raducu; Ricardo J. Rodriguez; Pedro Alvarez |
author_sort | Razvan Raducu |
collection | DOAJ |
description | File-based *Time-of-Check to Time-of-Use* (TOCTOU) race conditions are a well-known type of security vulnerability. A wide variety of techniques have been proposed to detect, mitigate, avoid, and exploit these vulnerabilities over the past 35 years. However, despite these research efforts, TOCTOU vulnerabilities remain unsolved due to their non-deterministic nature and the particularities of the different filesystems involved in running vulnerable programs, especially in Unix-like operating system environments. In this paper, we present a systematic literature review on defense and attack techniques related to the file-based TOCTOU vulnerability. We apply a reproducible methodology to search, filter, and analyze the most relevant research proposals to define a global and understandable vision of existing solutions. The results of this analysis are finally used to discuss future research directions that can be explored to move towards a universal solution to this type of vulnerability. |
first_indexed | 2024-04-13T19:07:35Z |
format | Article |
id | doaj.art-e7a019ed3ce04d73ab040a6536d40c7a |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-13T19:07:35Z |
publishDate | 2022-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-e7a019ed3ce04d73ab040a6536d40c7a; 2022-12-22T02:33:57Z; eng; IEEE; IEEE Access; 2169-3536; 2022-01-01; 10; 21742; 21758; 10.1109/ACCESS.2022.3153064; 9718065; Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review; Razvan Raducu (https://orcid.org/0000-0002-8938-755X); Ricardo J. Rodriguez (https://orcid.org/0000-0001-7982-0359); Pedro Alvarez (https://orcid.org/0000-0002-6584-7259); Department of Computer Science and Systems Engineering, University of Zaragoza, Zaragoza, Spain (all three authors); https://ieeexplore.ieee.org/document/9718065/; File-based race condition; TOCTOU vulnerability; avoidance techniques |
title | Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review |
topic | File-based race condition; TOCTOU vulnerability; avoidance techniques |
url | https://ieeexplore.ieee.org/document/9718065/ |