Glossary · Term

time-of-check time-of-use

← all terms

Definition

Plain language

A security gap where something is verified at one moment but actually used later, and an attacker slips in between.

As stated in the literature

TOCTOU — a race-condition class where a resource's state is validated and then used at different times, letting it change in between; in FloatDoor, the gap between auditing a model on one platform and deploying it on another.

Also called: TOCTOU, time-of-check, time-of-use

Why it matters: It shows that checking and using a resource at different moments leaves a window an attacker can exploit, including auditing a model on one chip and running it on another.

For example, a file is approved as safe and then swapped for a malicious one in the instant before it's actually opened.

Heard on the show

“The paper has a name for that window, borrowed from classic computer security: a time-of-check, time-of-use gap.”
Episode 158 — How Floating-Point Rounding Lets a Model Tell Which Chip It's On — And Misbehave

Mentioned in 1 episode

  1. 158
    How Floating-Point Rounding Lets a Model Tell Which Chip It's On — And Misbehave

Related terms