Squatting attack
Encyclopedia
Squatting attack, in computer science
, is a kind of DoS attack
where a program interferes with another program through the use of shared synchronization
objects in an unwanted or unexpected way.
That attack is known in the Microsoft Windows
operating system, which offers named objects as an interprocess synchronization mechanism. With named objects, a process may open a synchronization object as a shared resource by just specifying a name. Subsequent processes may use the same name to open that resource and have a way to synchronize with the first process. The squatting attack is possible because, if the legitimate program does not enforce tight security rules for the resources, processes from arbitrary security contexts may gain access to them and ultimately take control of the system.
Consider, for example, antivirus software
installed on a Microsoft Windows machine. The solution has two pieces: a service
, which monitors and scans every file when it is opened, and a manual scanner, which scans the file system
when a user requests it. Under normal conditions the service should scan the system permanently. However, if a user requests a manual scan, the service must stop temporarily to let the manual scanner work, otherwise every file would be scanned twice: by the manual scanner and by the service. To solve this problem the vendor chooses to implement an event based synchronization mechanism, where the service keeps a named event opened and checks it whenever a file is opened. If the event is unset the file is scanned, otherwise it is ignored. The manual scanner, then, to operate, opens the named event, sets it before scanning (disabling the service), scans the file system and resets the event back when finished. This design is prone to a squatting attack because a malicious program can set the named event and disable the service completely.
Computer science
Computer science or computing science is the study of the theoretical foundations of information and computation and of practical techniques for their implementation and application in computer systems...
, is a kind of DoS attack
Denial-of-service attack
A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
where a program interferes with another program through the use of shared synchronization
Synchronization (computer science)
In computer science, synchronization refers to one of two distinct but related concepts: synchronization of processes, and synchronization of data. Process synchronization refers to the idea that multiple processes are to join up or handshake at a certain point, so as to reach an agreement or...
objects in an unwanted or unexpected way.
That attack is known in the Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system, which offers named objects as an interprocess synchronization mechanism. With named objects, a process may open a synchronization object as a shared resource by just specifying a name. Subsequent processes may use the same name to open that resource and have a way to synchronize with the first process. The squatting attack is possible because, if the legitimate program does not enforce tight security rules for the resources, processes from arbitrary security contexts may gain access to them and ultimately take control of the system.
Consider, for example, antivirus software
Antivirus software
Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
installed on a Microsoft Windows machine. The solution has two pieces: a service
Windows Service
On Microsoft Windows operating systems, a Windows service is a long-running executable that performs specific functions and which is designed not to require user intervention. Windows services can be configured to start when the operating system is booted and run in the background as long as...
, which monitors and scans every file when it is opened, and a manual scanner, which scans the file system
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
when a user requests it. Under normal conditions the service should scan the system permanently. However, if a user requests a manual scan, the service must stop temporarily to let the manual scanner work, otherwise every file would be scanned twice: by the manual scanner and by the service. To solve this problem the vendor chooses to implement an event based synchronization mechanism, where the service keeps a named event opened and checks it whenever a file is opened. If the event is unset the file is scanned, otherwise it is ignored. The manual scanner, then, to operate, opens the named event, sets it before scanning (disabling the service), scans the file system and resets the event back when finished. This design is prone to a squatting attack because a malicious program can set the named event and disable the service completely.