Static Analysis of TOCTTOU Vulnerabilities in Unix-Style File System

TOCTTOU is a serious threat to Unix-style file systems. All the existing static detection methods have high false positive rate. There are two reasons: firstly, the function pairs which may cause TOCTTOU vulnerabilities are not defined and enumerated accurately; and secondly, the methods make an over-approximation of the program and omit a lot of useful information. In this paper, we first systematically examine the TOCTTOU pairs in the standard C library. On this basis, a static analysis method is presented to detect the TOCTTOU vulnerabilities. Vulnerability is expressed as a finite safety state property. At each program point, a value is associated to a set of states. To make the analysis more precise, the algorithm is inter-procedurally flow sensitive and intra-procedurally path sensitive. To achieve scalability, the safety state property of each procedural is analyzed independently and the inter-procedurally analysis is summary based. The experimental results show that this method can effectively find TOCTTOU vulnerabilities in C programs. In comparison with other static methods, this method can effectively reduce false positive rate.