Squatting Attack
   HOME

TheInfoList



Click Here for Items Related To - Squatting Attack
OR:
Squatting Attack on:   [Wikipedia]   [Google]   [Amazon]

Squatting attack, in
computer science Computer science is the study of computation, automation, and information. Computer science spans theoretical disciplines (such as algorithms, theory of computation, information theory, and automation) to Applied science, practical discipli ...
, is a kind of
DoS attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connect ...
where a
program Program, programme, programmer, or programming may refer to: Business and management * Program management, the process of managing several related projects * Time management * Program, a part of planning Arts and entertainment Audio * Progra ...
interferes with another program through the use of shared
synchronization Synchronization is the coordination of events to operate a system in unison. For example, the conductor of an orchestra keeps the orchestra synchronized or ''in time''. Systems that operate with all parts in synchrony are said to be synchronou ...
objects in an unwanted or unexpected way. That attack is known in the
Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
operating system, which offers named objects as an interprocess synchronization mechanism. With named objects, a process may open a synchronization object as a shared resource by just specifying a name. Subsequent processes may use the same name to open that resource and have a way to synchronize with the first process. The squatting attack is possible because, if the legitimate program does not enforce tight security rules for the resources, processes from arbitrary security contexts may gain access to them and ultimately take control of the system. Consider, for example,
antivirus software Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...
installed on a Microsoft Windows machine. The solution has two pieces:The example serves just as an illustration. Additional components might be required for it to work properly, as e.g. a driver. a service, which monitors and scans every file when it is opened, and a manual scanner, which scans the
file system In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
when a user requests it. Under normal conditions the service should scan the system occasionally. However, if a user requests a manual scan, the service must stop temporarily to let the manual scanner work, otherwise every file would be scanned twice: by the manual scanner and by the service. To solve this problem the vendor chooses to implement an event based synchronization mechanism, where the service keeps a named event opened and checks it whenever a file is opened. If the event is ''unset'' the file is scanned, otherwise it is ignored. The manual scanner, then, to operate, opens the named event, sets it before scanning (disabling the service), scans the file system and resets the event back when finished. This design is prone to a squatting attack because a malicious program can set the named event and disable the service completely.


Notes


References

# # {{cite web , title = Object Names , publisher =
Microsoft Developer Network Microsoft Developer Network (MSDN) was the division of Microsoft responsible for managing the firm's relationship with developers and testers, such as hardware developers interested in the operating system (OS), and software developers developing ...
, url = http://msdn2.microsoft.com/en-us/library/ms684292.aspx , accessdate = 2007-05-15 Concurrency control Denial-of-service attacks