[concurrency-interest] Concurrency and security

David Holmes davidcholmes at aapt.net.au
Thu May 20 06:28:19 EDT 2010


Kai Meder writes:
> On 20.05.2010 07:47, Yao Qi wrote:
> >> Oops! Indeed. Even with sync the API is fatally flawed.
> >>
> >> I don't know if the tools will be able to detect the inherent
> >> check-then-act sequence.
> >
> > David, this kind of error is regarded as an "atomicity violation".  I don't
> > know either whether tools can detect such errors *accurately* and
> > *efficiently*, even though there are a lot of papers on this topic.
>
> Could anyone post a simple yet non-flawed API avoiding check-then-act?

For the authentication example you need to know what it is that is being
authenticated and what authentication means. In that simple example anyone
could call authenticate() so there was no real security anyway.

One simple approach is to associate an authentication token with a thread,
and the methods that need the caller to be authenticated can check that
token - typically stored via a thread-local.

Another is to make the token explicit and pass it around as a "security
context" as a parameter to each method called. That way many threads can
share the same token if appropriate.

Real authentication is much more complicated than these simplistic
suggestions and is getting somewhat off-topic.

Cheers,
David Holmes
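The two token-based approaches sketched above, as an added example that is not part of the original post or of any code from the thread (the original flawed authenticate() example is not on this page, so it is not reconstructed here). The credential check, the names AuthToken, login(), runAs(), threadLocalService() and explicitService() are all assumptions made for the illustration. The point the example demonstrates is that the check and the act happen on one immutable token inside one method, so there is no shared mutable "authenticated" flag that another thread can flip between the check and the act:

```java
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class AuthTokenExample {

    // A token is only obtainable by presenting a credential. It is immutable and
    // carries the principal it was issued for; the class is final and its
    // constructor private, so callers cannot forge one.
    public static final class AuthToken {
        private final String principal;
        private AuthToken(String principal) { this.principal = principal; }
        public String principal() { return principal; }
    }

    // Tokens currently issued (identity-based set), so services can reject
    // forged or revoked tokens.
    private static final Set<AuthToken> ISSUED = ConcurrentHashMap.newKeySet();

    // Hypothetical credential check, constructed for the example only:
    // the password must equal the user name.
    public static AuthToken login(String user, String password) {
        if (user == null || !Objects.equals(user, password)) {
            throw new SecurityException("bad credentials for " + user);
        }
        AuthToken t = new AuthToken(user);
        ISSUED.add(t);
        return t;
    }

    public static void logout(AuthToken t) { ISSUED.remove(t); }

    // The single check used by every protected method: null or unknown token
    // means the caller is not authenticated.
    private static void require(AuthToken t) {
        if (t == null || !ISSUED.contains(t)) {
            throw new SecurityException("not authenticated");
        }
    }

    // --- Approach 1: token associated with the calling thread ---
    private static final ThreadLocal<AuthToken> CURRENT = new ThreadLocal<>();

    // Binds the token to the current thread only for the duration of body,
    // restoring the previous binding afterwards (important in thread pools,
    // where a leaked ThreadLocal would outlive the request).
    public static void runAs(AuthToken t, Runnable body) {
        require(t);
        AuthToken prev = CURRENT.get();
        CURRENT.set(t);
        try {
            body.run();
        } finally {
            if (prev == null) CURRENT.remove(); else CURRENT.set(prev);
        }
    }

    public static String threadLocalService() {
        AuthToken t = CURRENT.get();   // whatever runAs bound to this thread
        require(t);
        return "hello " + t.principal();
    }

    // --- Approach 2: token passed explicitly as a security context ---
    // Any number of threads can share the same token because nothing is
    // bound to a thread and the token itself never changes.
    public static String explicitService(AuthToken ctx) {
        require(ctx);
        return "hello " + ctx.principal();
    }

    public static void main(String[] args) throws InterruptedException {
        AuthToken alice = login("alice", "alice");

        // Approach 2: four threads share one token.
        Thread[] workers = new Thread[4];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(() -> System.out.println(explicitService(alice)));
            workers[i].start();
        }
        for (Thread w : workers) w.join();

        // Approach 1: the token is visible only inside runAs, on this thread.
        runAs(alice, () -> System.out.println(threadLocalService()));
        try {
            threadLocalService();          // same thread, outside runAs
        } catch (SecurityException e) {
            System.out.println("outside runAs: " + e.getMessage());
        }
        Thread other = new Thread(() -> {
            try {
                threadLocalService();      // a fresh thread inherits nothing
            } catch (SecurityException e) {
                System.out.println("other thread: " + e.getMessage());
            }
        });
        other.start();
        other.join();

        // Revocation affects every holder of the token at once.
        logout(alice);
        try {
            explicitService(alice);
        } catch (SecurityException e) {
            System.out.println("after logout: " + e.getMessage());
        }
    }
}
```

One caveat a reviewer would raise: a token can still be revoked after require() returns and before the method body finishes, so revocation takes effect with some latency. That is an inherent property of any token scheme, not a check-then-act bug in the API, because no caller can make the check pass by racing against another thread's state change.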
