Secretly monopolizing the CPU without superuser privileges

Dan Tsafrir, Yoav Etsion, Dror G. Feitelson

Research output: Contribution to conference › Paper › peer-review

33 Scopus citations

Abstract

We describe a “cheat” attack, allowing an ordinary process to hijack any desirable percentage of the CPU cycles without requiring superuser/administrator privileges. Moreover, the nature of the attack is such that, at least in some systems, listing the active processes will erroneously show the cheating process as not using any CPU resources: the “missing” cycles would either be attributed to some other process or not be reported at all (if the machine is otherwise idle). Thus, certain malicious operations generally believed to have required overcoming the hardships of obtaining root access and installing a rootkit, can actually be launched by non-privileged users in a straightforward manner, thereby making the job of a malicious adversary that much easier. We show that most major general-purpose operating systems are vulnerable to the cheat attack, due to a combination of how they account for CPU usage and how they use this information to prioritize competing processes. Furthermore, recent scheduler changes attempting to better support interactive workloads increase the vulnerability to the attack, and naive steps taken by certain systems to reduce the danger are easily circumvented. We show that the attack can nevertheless be defeated, and we demonstrate this by implementing a patch for Linux that eliminates the problem with negligible overhead.

Original language: English
Pages: 239-256
Number of pages: 18
State: Published - 2007
Externally published: Yes
Event: 16th USENIX Security Symposium - Boston, United States
Duration: 6 Aug 2007 → 10 Aug 2007

Conference

Conference: 16th USENIX Security Symposium
Country/Territory: United States
City: Boston
Period: 6/08/07 → 10/08/07

Bibliographical note

Publisher Copyright:
© 2007 USENIX Association. All rights reserved.
