[concurrency-interest] Concurrency and security

Yao Qi qiyaoltc at gmail.com
Thu May 20 01:41:42 EDT 2010


On Thu, May 20, 2010 at 12:58 PM, Enno Shioji <eshioji at gmail.com> wrote:
> Hmm.. I know that some IDEs and tools provide "race condition
> detection". I've never used them though. It might be interesting to
> search "static analysis tool java race condition" or "static analysis
> tool concurrency" on Google and see what you get.

Besides static analysis, race condition detection can be done in a
dynamic way.  The race detector in MulticoreSDK
(www.alphaworks.ibm.com/tech/msdk/) can detect potential race
conditions in parallel Java programs.  You can run it with your
program, and the output is easy to understand, as shown below:

Race Detector Version: 2.2.0, Build Time: 20100424-1134.
 Data Race 1 : 1 : Auth : clearance
  Thread "Thread-4" : Tid 13 : Rid 0 : WRITE
        Lock Set : [ ]
        Vector Clock : 2
      [Auth : authenticate()V : 1 : 33]
      [Driver$1 : run()V : 1 : 10]
  Thread "Thread-5" : Tid 14 : Rid 0 : WRITE
        Lock Set : [ ]
        Vector Clock : 2
      [Auth : deauthenticate()V : 1 : 37]
      [Driver$2 : run()V : 1 : 17]

"Auth:clearance" means there is a race on class Auth field clearance.
Two threads (Thread-4 and Thread-5) WRITE this field.  With callchain
information, it is easy to identify the problem.

>
> I think IntelliJ IDEA (Java IDE) also has a static analysis tool to
> detect race conditions.
>
> Maybe you can reproduce the particular example and code it so that one
> instance is accessed from bunch of threads, then analyze the code and
> see if it detects it. Since it's a super simple example, I think there
> is a very good chance they'll do.
>
>
> Regards,
> Enno
>
>
> On Thu, May 20, 2010 at 10:18 AM, James Gan <ganzhi at gmail.com> wrote:
>> A nice example! A follow-up open question: is it possible to detect
>> such an error with an automatic tool? Seems very difficult!
>>
>> On Thu, May 20, 2010 at 12:24 PM, Enno Shioji <eshioji at gmail.com> wrote:
>>> A very silly (but it happens! I've seen one like this before) example would be:
>>>
>>>
>>> class Auth {
>>>    private boolean clearance = false;
>>>
>>>    public void authenticate(){
>>>        this.clearance = true;
>>>    }
>>>
>>>    public void deauthenticate(){
>>>        this.clearance = false;
>>>    }
>>>
>>>    public String readSecretData(){
>>>         if(clearance){
>>>             return "Company secret";
>>>         }else{
>>>             return "Gotcha, hacker!";
>>>         }
>>>    }
>>> }
>>>
>>> And then Auth is made a singleton because "It will increase
>>> performance!*" and these three methods are called from a random number
>>> of threads. Then users without clearance will start to see secret data
>>> occasionally.
>>>
>>> *: Making a class a singleton doesn't make things faster in most cases.
>>>
>>>
>>> Regards,
>>> Enno
>>>
>>>
>>>
>>> On Thu, May 20, 2010 at 9:24 AM, David Holmes <davidcholmes at aapt.net.au> wrote:
>>>> An unidentified poster writes:
>>>>> I am investigating an interesting topic: whether concurrency can harm
>>>>> software security.
>>>>> Is there any software security issue stemming from concurrency?
>>>>
>>>> Yes. In poorly constructed systems race conditions could lead to various
>>>> invariant violations, including those pertaining to "security".
>>>>
>>>> In a platform like Java, the programming language must ensure there are some
>>>> basic guarantees even in the face of race conditions. For Java this is
>>>> defined as part of the Java Memory Model, which ensures that you can't see
>>>> uninitialized fields (though they may be default initialized), and provides
>>>> for correct visibility of final fields.
>>>>
>>>> But even if the language provides basic guarantees, it is up to classes to
>>>> use the language facilities correctly to ensure that they can't be
>>>> compromised by race conditions induced by client code.
>>>>
>>>> And of course the runtime system (for Java that's the VM) must also be
>>>> written correctly to ensure no concurrency related security holes exist.
>>>>
>>>> Hope this gives you enough to do a proper investigation. ;-)
>>>>
>>>> David Holmes
>>>>
>>>> _______________________________________________
>>>> Concurrency-interest mailing list
>>>> Concurrency-interest at cs.oswego.edu
>>>> http://cs.oswego.edu/mailman/listinfo/concurrency-interest
>>>>
>>>
>>>
>>
>>
>>
>> --
>> Best Regards
>> James Gan
>> Current Project: Concurrent Building Block at http://amino-cbbs.sourceforge.net/
>> Blog: http://ganzhi.blogspot.com
>>
>
>



-- 
Yao Qi <qiyaoltc AT gmail DOT com>    GNU/Linux Developer
http://duewayqi.googlepages.com/
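
Added example, not part of the original messages: the shared Auth from the thread with its methods made synchronized, which removes the data race the detector reports but still lets a caller that never authenticated read the secret, next to a per-caller form where clearance is immutable. The names AuthRaceDemo, SharedAuth, Session and leaksWithSharedAuth are assumptions made for this sketch.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class AuthRaceDemo {
    // Shared-singleton design from the thread; synchronized only silences the data-race report.
    static class SharedAuth {
        private boolean clearance = false;
        synchronized void authenticate()   { clearance = true; }
        synchronized void deauthenticate() { clearance = false; }
        synchronized String readSecretData() {
            return clearance ? "Company secret" : "Gotcha, hacker!";
        }
    }

    // Hardened form: clearance is immutable per-caller state, never shared between users.
    static final class Session {
        private final boolean clearance;
        Session(boolean clearance) { this.clearance = clearance; }
        String readSecretData() {
            return clearance ? "Company secret" : "Gotcha, hacker!";
        }
    }

    // Counts how often a caller that never authenticated receives the secret.
    static int leaksWithSharedAuth(int rounds) throws InterruptedException {
        SharedAuth auth = new SharedAuth();
        AtomicInteger leaks = new AtomicInteger();
        Thread cleared = new Thread(() -> {
            for (int i = 0; i < rounds; i++) {
                auth.authenticate();
                auth.readSecretData();
                auth.deauthenticate();
            }
        });
        Thread uncleared = new Thread(() -> {
            for (int i = 0; i < rounds; i++) {
                if (auth.readSecretData().equals("Company secret")) leaks.incrementAndGet();
            }
        });
        cleared.start(); uncleared.start();
        cleared.join(); uncleared.join();
        return leaks.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared Auth leaks: " + leaksWithSharedAuth(1_000_000));
        Session uncleared = new Session(false);
        System.out.println("per-caller Session: " + uncleared.readSecretData());
    }
}
```

The leak count depends on thread scheduling and differs between runs.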


