Consistency analysis of authorization hook placement in the Linux security modules framework

Trent Jaeger, Antony Edwards, Xiaolan Zhang

Research output: Contribution to journalArticle

31 Scopus citations

Abstract

We present a consistency analysis approach to assist the Linux community in verifying the correctness of authorization hook placement in the Linux Security Modules (LSM) framework. The LSM framework consists of a set of authorization hooks inserted into the Linux kernel to enable additional authorizations to be performed (e.g., for mandatory access control). When compared to system call interposition, authorization within the kernel has both security and performance advantages, but it is more difficult to verify that placement of the LSM hooks ensures that all the kernel's security-sensitive operations are authorized. Static analysis has been used previously to verified mediation (i.e., that some hook mediates access to a security-sensitive operation), but that work did not determine whether the necessary set of authorizations were checked. In this paper, we develop an approach to test the consistency of the relationships between security-sensitive operations and LSM hooks. The idea is that whenever a security-sensitive operation is performed as part of specifiable event, a particular set of LSM hooks must have mediated that operation. This work demonstrates that the number of events that impact consistency is manageable and that the notion of consistency is useful for verifying correctness. We describe our consistency approach for performing verification, the implementation of run-time tools that implement this approach, the anomalous situations found in an LSM-patched Linux 2.4.16 kernel, and an implementation of a static analysis version of this approach.

Original languageEnglish (US)
Pages (from-to)175-205
Number of pages31
JournalACM Transactions on Information and System Security
Volume7
Issue number2
DOIs
StatePublished - May 1 2004

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Consistency analysis of authorization hook placement in the Linux security modules framework'. Together they form a unique fingerprint.

  • Cite this