Camp 2007 - 1.01

Chaos Communication Camp 2007
To infinity and beyond

Lisa Thalheim
Day 3
Room Shelter Bar
Start time 18:30
Duration 01:00
ID 1996
Event type Lecture
Track Hacking
Language English

Twisting timing in your favour

Finding and exploiting concurrency issues in software

This lecture wants to make the audience a bit more familiar with a species of bugs that is not yet as boring and overfished as your vanilla buffer overflow: concurrency issues. Bring your debugger and some rubber gloves, because when investigating these beasts, you will need them.

Concurrency of operation can be found in most larger software systems; think multi-threading, think UNIX signals, think asynchronous I/O operations, to give just a few hints. However, since concurrency always adds complexity in non-obvious ways, there are all kinds of things that it can make go wrong. Usually, this boils down to the violation of assumptions the system's developers have made - and violated assumptions have always been a hacker's best friend. After a brief introduction to what concurrency issues actually are, this presentation will show how to approach finding and exploiting these issues in software systems and highlight some of the challenges the nosy hacker faces in doing so. The presented material will be supported by examples from real-world software.

Archived page - Impressum/Datenschutz