Untrusted Hardware Causes Double-Fetch Problems in the I/O Memory

Regular Paper, Journal of Computer Science and Technology

Abstract

The double fetch problem occurs when data is maliciously changed between two kernel reads of supposedly the same data, which can cause serious security problems in the kernel. Previous research focused on double fetches between the kernel and user applications. In this paper, we present the first dedicated study of the double fetch problem between the kernel and peripheral devices (also known as the hardware double fetch). Operating systems communicate with peripheral devices by reading from and writing to device-mapped I/O (input and output) memory. Owing to the lack of effective validation of the attached hardware, compromised hardware could flip the data between two reads of the same I/O memory address, causing a double fetch problem. We propose a static pattern-matching approach to identify hardware double fetches in the Linux kernel. Our approach can analyze the entire kernel without relying on the corresponding hardware. The results are categorized, and each category is analyzed using case studies to discuss the possibility of causing bugs. We also find four previously unknown double-fetch vulnerabilities, which have been confirmed and fixed after reporting them to the maintainers.
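The pattern the abstract describes (a driver reads the same I/O memory address twice, checks the first value and uses the second) can be found without the hardware by scanning source for repeated MMIO reads of one address within a function. The following is an added example, not the paper's tool or code from the Linux kernel: a small Python scanner in that spirit, run over a constructed C snippet with a fictional driver (`struct dev`, `RX_LEN`, `BUF_SIZE` and the function names are made up). The accessor names it looks for (`readb`/`readw`/`readl`/`readq`, `ioread8`/`16`/`32`) are the real Linux MMIO read helpers. As in the paper, a hit is a candidate that needs manual review, not a confirmed bug; the hardened `safe_rx` variant shows the usual fix, which is to fetch once into a local, validate the local, and use only the local.

```python
import re
from collections import defaultdict, namedtuple

# Constructed C input (not from the paper or the Linux kernel): a fictional
# driver with one function that fetches the RX_LEN register twice and one
# that fetches it once. struct dev, RX_LEN and BUF_SIZE are made up.
SAMPLE_C = r'''
static int vuln_rx(struct dev *d, char *buf)
{
    if (readl(d->regs + RX_LEN) > BUF_SIZE)   /* first fetch: bounds check */
        return -EINVAL;
    memcpy_fromio(buf, d->rx_fifo, readl(d->regs + RX_LEN)); /* second fetch: use */
    return 0;
}

static int safe_rx(struct dev *d, char *buf)
{
    u32 len = readl(d->regs + RX_LEN);      /* single fetch into a local */
    if (len > BUF_SIZE)
        return -EINVAL;
    memcpy_fromio(buf, d->rx_fifo, len);    /* use only the checked copy */
    return 0;
}
'''

# Linux MMIO read accessors; the argument is captured with one level of
# nested parentheses allowed (enough for expressions like base + (x * 4)).
IO_READ_RE = re.compile(
    r'\b(readb|readw|readl|readq|ioread8|ioread16|ioread32)\s*'
    r'\(([^()]*(?:\([^()]*\)[^()]*)*)\)')

# A C function header (return type, name, parameter list) followed by '{'.
FUNC_HDR = re.compile(r'^[ \t]*[\w\s\*]+?\b(\w+)\s*\(([^)]*)\)\s*\{', re.M)
C_KEYWORDS = {"if", "while", "for", "switch", "return", "sizeof"}

Function = namedtuple("Function", "name start body")


def _match_brace(src, open_idx):
    """Index of the '}' closing the '{' at open_idx (naive: ignores braces
    inside strings and comments, which is fine for a pattern matcher)."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return i
    return len(src) - 1


def iter_functions(src):
    """Yield (name, offset of '{', body text) for each top-level function."""
    pos = 0
    while True:
        m = FUNC_HDR.search(src, pos)
        if not m:
            return
        open_idx = m.end() - 1
        close_idx = _match_brace(src, open_idx)
        if m.group(1) not in C_KEYWORDS:
            yield Function(m.group(1), open_idx, src[open_idx:close_idx + 1])
        pos = close_idx + 1  # skip the body so inner code is never re-parsed as a header


def find_hardware_double_fetches(src):
    """Report every function that reads the same I/O address with the same
    accessor two or more times. Whitespace in the address expression is
    ignored so 'base+REG' and 'base + REG' count as one address."""
    findings = []
    for fn in iter_functions(src):
        reads = defaultdict(list)
        for m in IO_READ_RE.finditer(fn.body):
            addr = re.sub(r"\s+", "", m.group(2))
            line = src.count("\n", 0, fn.start + m.start()) + 1
            reads[(m.group(1), addr)].append(line)
        for (accessor, addr), lines in sorted(reads.items()):
            if len(lines) >= 2:
                findings.append({"function": fn.name, "accessor": accessor,
                                 "address": addr, "lines": lines})
    return findings


if __name__ == "__main__":
    for f in find_hardware_double_fetches(SAMPLE_C):
        print(f"{f['function']}: {f['accessor']}({f['address']}) "
              f"read {len(f['lines'])} times at lines {f['lines']}; review for check-then-use")
```

On the sample, only `vuln_rx` is reported (two `readl` calls on `d->regs+RX_LEN`); `safe_rx` reads the register once and is silent. A scanner like this is deliberately over-inclusive: two reads of a status register that are both used correctly are the same syntactic pattern, which is why the paper categorizes hits and examines each category by case study rather than treating every match as a vulnerability.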



Acknowledgment

The authors thank the anonymous reviewers for their helpful feedback.

Corresponding author

Correspondence to Peng-Fei Wang.

Electronic supplementary material: ESM 1 (PDF 5970 kb)


Cite this article

Lu, K., Wang, PF., Li, G. et al. Untrusted Hardware Causes Double-Fetch Problems in the I/O Memory. J. Comput. Sci. Technol. 33, 587–602 (2018). https://doi.org/10.1007/s11390-018-1842-3
