|
Security 2002 Paper   
[Security '02 Tech Program Index]
Next: Introduction
Using CQUAL for Static Analysis of Authorization Hook Placement
Xiaolan Zhang & Antony Edwards & Trent Jaeger
Abstract:
The Linux Security Modules (LSM) framework is a set of
authorization hooks for implementing flexible access control in the
Linux kernel. While much effort has been devoted to defining the
module interfaces, little attention has been paid to verifying the
correctness of hook placement. This paper presents a novel approach
to the verification of LSM authorization hook placement using CQUAL, a
type-based static analysis tool. With a simple CQUAL lattice
configuration and some GCC-based analyses, we are able to verify
complete mediation of operations on key kernel data structures. Our
results reveal some potential security vulnerabilities of the current
LSM framework, one of which we demonstrate to be exploitable. Our
experiences demonstrate that combinations of conceptually simple tools
can be used to perform fairly complex analyses.
Catherine Zhang 2002-05-13 |
This paper was originally published in the
Proceedings of the 11th USENIX Security Symposium,
August 59, 2002, San Francisco, CA, USA
Last changed: 19 June 2002 aw |
|