Source: Columbia University
Just as errors in sequential programs can lead to security exploits, errors in concurrent programs can lead to concurrency attacks. Questions such as whether these attacks are real and what characteristics they have remain largely unknown. In this paper, the authors present a preliminary study of concurrency attacks and the security implications of real concurrency errors. Their study yields several interesting findings. For instance, they observe that the exploit-ability of a concurrency error depends on the duration of the timing window within which the error may occur.