Using CQUAL for static analysis of authorization hook placement

Xiaolan Zhang, Antony Edwards, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

80 Scopus citations

Abstract

The Linux Security Modules (LSM) framework is a set of authorization hooks for implementing flexible access control in the Linux kernel. While much effort has been devoted to defining the module interfaces, little attention has been paid to verifying the correctness of hook placement. This paper presents a novel approach to the verification of LSM authorization hook placement using CQUAL, a type-based static analysis tool. With a simple CQUAL lattice configuration and some GCC-based analyses, we are able to verify complete mediation of operations on key kernel data structures. Our results reveal some potential security vulnerabilities of the current LSM framework, one of which we demonstrate to be exploitable. Our experiences demonstrate that combinations of conceptually simple tools can be used to perform fairly complex analyses.

Original languageEnglish (US)
Title of host publicationProceedings of the 11th USENIX Security Symposium
PublisherUSENIX Association
ISBN (Electronic)1931971005, 9781931971003
Publication statusPublished - Jan 1 2002
Event11th USENIX Security Symposium - San Francisco, United States
Duration: Aug 5 2002Aug 9 2002

Publication series

NameProceedings of the 11th USENIX Security Symposium

Conference

Conference11th USENIX Security Symposium
CountryUnited States
CitySan Francisco
Period8/5/028/9/02

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Zhang, X., Edwards, A., & Jaeger, T. (2002). Using CQUAL for static analysis of authorization hook placement. In Proceedings of the 11th USENIX Security Symposium (Proceedings of the 11th USENIX Security Symposium). USENIX Association.