Runtime verification of authorization hook placement for the Linux Security Modules framework

Antony Edwards, Trent Jaeger, Xiaolan Zhang

Research output: Contribution to journalConference article

28 Scopus citations

Abstract

We present runtime tools to assist the Linux community in verifying the correctness of the Linux Security Modules (LSM) framework. The LSM framework consists of a set of authorization hooks inserted into the Linux kernel to enable additional authorizations to be performed (e.g., for mandatory access control). When compared to system call interposition, authorization within the kernel has both security and performance advantages, but it is more difficult to verify that placement of the LSM hooks ensures that all the kernel's security-sensitive operations are authorized. We have examined both static and runtime analysis techniques for this verification, and have found them to be complementary. Static analysis is more complex to implement and tends to generate more false positives, but coverage of all type-safe execution paths is possible. Runtime analysis lacks the code and input coverage of static analysis, but tends to be simpler to gather useful information. The major simplifying factor in our runtime verification approach is that we can leverage the fact that most of the LSM hooks are properly placed to identify misplaced hooks. Our runtime verification tools collect the current LSM authorizations and find inconsistencies in these authorizations. We describe our approach for performing runtime verification, the design of the tools that implement this approach, and the anomalous situations found in an LSM-patched Linux 2.4.16 kernel.

Original languageEnglish (US)
Pages (from-to)225-234
Number of pages10
JournalProceedings of the ACM Conference on Computer and Communications Security
DOIs
StatePublished - Jan 1 2002
EventProceedings of the 9th ACM Conference on Computer and Communications Security - Washington, DC, United States
Duration: Nov 18 2002Nov 22 2002

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Runtime verification of authorization hook placement for the Linux Security Modules framework'. Together they form a unique fingerprint.

  • Cite this