Concurrency Attacks and Defenses

ABSTRACT

Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. Whether these attacks are feasible, and what characteristics they have, remains largely unknown. In this talk, I will present a preliminary study of concurrency attacks and the security implications of real-world concurrency errors. Our study shows that concurrency attacks are indeed real and can be carried out by attackers to violate the confidentiality, integrity, and availability of critical systems. Based on our study, we propose new research directions for accurately Detecting, Avoiding, Surviving, and Healing concurrency errors. If successful, our research will result in a novel approach and a system called DASH for improving software security and reliability, benefiting the Nation’s cyber security; the Military can also gain new competitive means in cyber warfare by running DASH to identify concurrency vulnerabilities in the infrastructure of hostile nations.