You are here: UMWiki>CBI_ComputerSecurity Web>Mechanisms>MechanismsTimeofCheckError (25 Feb 2014, norqu036)
Time-of-Check to Time-of-Use Error

A time-of-check to time-of-use error occurs during the lag between the time when an operating system checks to make sure that an instruction is authorized for the current user (the time of check), and the time when the instruction is actually executed (the time of use). Under some circumstances, it is possible for the instruction and any associated files to be altered (presumably by a malicious program) during the lag. This would then allow the current user to execute an instruction that had not actually been authorized by the operating system. It is a sort of "bait and switch" that can be executed by a malicious program if the vulnerability is discovered.(1)

This vulnerability occurs because, in order to improve efficiency, modern processors and operating systems will often change the order in which instructions are executed. If the execution of an instruction at the time of use is delayed because the operating system or processor judges another instruction to be more urgent, it can create an exploitable lag. The operating system checks every instruction against an access policy that dictates what the current user is and isn't allowed to access. In order to verify, the operating system checks the user identity and other relevant parameters against tables that dictate levels of authorization. The operating system then generates a work ticket for the instruction (or file containing multiple instructions) so that when the processor does get around to executing it, the processor "knows" that the file has already been authenticated. The lag that can be exploited occurs during the time when the work ticket is being generated but before it is applied to the instruction or file.(2)

There are, however, ways to prevent such errors. One way is to use digital signatures and certificates (such as the kind used in the Diffie-Hellman key exchange) so that the time of check is verified at the time of use.(3)
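
The Python sketch below is an added example, not taken from the original page or its cited source. It models the work ticket described above twice: once as a ticket that only records that a check passed, and once as a ticket bound to the checked request so that the check is re-verified at the time of use. The user name, policy, request strings and key are constructed for illustration, and HMAC-SHA256 stands in for a digital signature.

```python
import hashlib
import hmac
import os

# Constructed key known only to the checker and the executor (assumption).
TICKET_KEY = os.urandom(32)

def policy_allows(user: str, request: bytes) -> bool:
    """Hypothetical access policy: this user may only issue read requests."""
    return user == "alice" and request.startswith(b"read ")

def _tag(user: str, request: bytes) -> bytes:
    # HMAC-SHA256 stands in for a digital signature over (user, request).
    msg = user.encode() + b"\x00" + request
    return hmac.new(TICKET_KEY, msg, hashlib.sha256).digest()

def check_unbound(user: str, request: bytes) -> dict:
    """Time of check, weak form: the ticket only records that a check passed."""
    if not policy_allows(user, request):
        raise PermissionError("denied at time of check")
    return {"user": user}

def use_unbound(ticket: dict, request: bytes) -> bool:
    """Time of use, weak form: whatever accompanies a ticket is executed."""
    return "user" in ticket

def check_bound(user: str, request: bytes) -> dict:
    """Time of check, bound form: the ticket carries a tag over the request."""
    if not policy_allows(user, request):
        raise PermissionError("denied at time of check")
    return {"user": user, "tag": _tag(user, request)}

def use_bound(ticket: dict, request: bytes) -> bool:
    """Time of use, bound form: recompute the tag over what is about to run."""
    return hmac.compare_digest(ticket["tag"], _tag(ticket["user"], request))

def demo() -> dict:
    shared = bytearray(b"read report.txt")   # constructed request buffer
    weak = check_unbound("alice", bytes(shared))
    strong = check_bound("alice", bytes(shared))
    unchanged_ok = use_bound(strong, bytes(shared))
    shared[:] = b"write policy.db"           # altered during the lag
    return {"unbound_runs_altered": use_unbound(weak, bytes(shared)),
            "bound_runs_altered": use_bound(strong, bytes(shared)),
            "bound_runs_unchanged": unchanged_ok}

if __name__ == "__main__":
    print(demo())
```

The unbound ticket lets the altered request through because nothing ties the ticket to what was checked; the bound ticket fails verification as soon as the request differs from the one that was authorized.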


1, 2, 3: Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 3rd Edition. New Jersey: Prentice Hall, 2003.

Topic revision: r2 - 25 Feb 2014 - 10:05:45 - norqu036