Simple record

dc.rights.licenseAttribution 4.0 International
dc.contributor.authorSantos Grueiro, Igor
dc.contributor.otherLlorente-Vazquez, Oscar
dc.contributor.otherGarcía Bringas, Pablo
dc.date.accessioned2024-02-02T08:53:08Z
dc.date.available2024-02-02T08:53:08Z
dc.date.issued2023
dc.identifier.issn2169-3536
dc.identifier.otherhttps://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=172985
dc.identifier.urihttps://hdl.handle.net/20.500.11984/6210
dc.description.abstractConcurrent programs are widespread in modern systems. They make better use of processor resources but inevitably introduce a new set of problems in terms of reliability and security. Concurrency bugs usually lead to program crashes and unexpected behavior, and are an active research topic. From a security perspective, concurrency vulnerabilities are those that exhibit harmful behavior exclusively in concurrent executions. They can take place in a diverse range of environments, such as in operating system kernels, file system operations, or general-purpose multithreaded programs. A particular characteristic of concurrency is that it not only introduces new problems, but also enables traditional vulnerabilities to be triggered in concurrent-specific ways. Those that lead to dangerous security vulnerabilities usually cause memory corruption, a strong and flexible primitive for exploitation, and are known as concurrency memory corruption vulnerabilities. In this paper, we systematically analyze concurrency vulnerabilities in C and C++ programs, their exploitation and their detection, focusing on concurrency memory corruption vulnerabilities. We organize previous work on concurrency bug characteristics and detection, and highlight the differences in relation to vulnerabilities. Then, we examine the existence of concurrency vulnerabilities in real-world programs by searching the CVE database and point out a growing trend. Further, we analyze and compare existing detection approaches towards concurrency memory corruption.
dc.language.isoeng
dc.publisherIEEE
dc.rights© 2023 The Authors
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/
dc.subjectConcurrent computing
dc.subjectInstruction sets
dc.subjectComputer bugs
dc.subjectTesting
dc.subjectProgramming
dc.subjectBehavioral sciences
dc.subjectSynchronization
dc.titleWhen Memory Corruption Met Concurrency: Vulnerabilities in Concurrent Programs
dcterms.accessRightshttp://purl.org/coar/access_right/c_abf2
dcterms.sourceIEEE Access
local.description.peerreviewedtrue
local.identifier.doihttps://doi.org/10.1109/ACCESS.2023.3272833
local.contributor.otherinstitutionhttps://ror.org/00ne6sr39
local.contributor.otherinstitutionHP Labs
local.source.detailsVol. 11. Pp. 44725-44740, 2023
oaire.format.mimetypeapplication/pdf
oaire.file$DSPACE\assetstore
oaire.resourceTypehttp://purl.org/coar/resource_type/c_6501
oaire.versionhttp://purl.org/coar/version/c_970fb48d4fbd8a85


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Simple record

Attribution 4.0 International
Except where otherwise noted, this item's license is described as Attribution 4.0 International