How to Open a File and Not Get Hacked

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by James A. Kupsch Articles by Barton P. Miller

2008 Third International Conference on Availability, Reliability and Security

March 04-March 07

ISBN: 978-0-7695-3102-1

	ASCII Text	x
	James A. Kupsch, Barton P. Miller, "How to Open a File and Not Get Hacked," Availability, Reliability and Security, International Conference on, pp. 1196-1203, 2008 Third International Conference on Availability, Reliability and Security, 2008.

	BibTex	x
	@article{ 10.1109/ARES.2008.53, author = {James A. Kupsch and Barton P. Miller}, title = {How to Open a File and Not Get Hacked}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3102-1}, pages = {1196-1203}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2008.53}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - How to Open a File and Not Get Hacked SN - 978-0-7695-3102-1 SP1196 EP1203 A1 - James A. Kupsch, A1 - Barton P. Miller, PY - 2008 KW - file open KW - trusted path KW - secure programming VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

James A. Kupsch

Barton P. Miller

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.53

Careless attention to opening files, often caused by problems with path traversal or shared directories, can expose applications to attacks on the file names that they use. In this paper we present criteria to determine if a path is safe from attack and how previous algorithms are not sufficient to protect against such attacks. We then describe an algorithm to safely open a file when in the presence of an attack (and how to detect the presence of such an attack), and provide a new library of file open routines that embodies our algorithm. These routines can be used as one-for-one substitutes for conventional POSIX open and fopen calls.

Index Terms:

file open, trusted path, secure programming

Citation:

James A. Kupsch, Barton P. Miller, "How to Open a File and Not Get Hacked," ares, pp.1196-1203, 2008 Third International Conference on Availability, Reliability and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.