TY - GEN
T1 - Automatic placement of authorization hooks in the linux security modules framework
AU - Ganapathy, Vinod
AU - Jaeger, Trent
AU - Jha, Somesh
PY - 2005
Y1 - 2005
N2 - We present a technique for automatic placement of authorization hooks, and apply it to the Linux security modules (LSM) framework. LSM is a generic framework which allows diverse authorization policies to be enforced by the Linux kernel. It consists of a kernel module which encapsulates an authorization policy, and hooks into the kernel module placed at appropriate locations in the Linux kernel. The kernel enforces the authorization policy using hook calls. In current practice, hooks are placed manually in the kernel. This approach is tedious, and as prior work has shown, is prone to security holes. Our technique uses static analysis of the Linux kernel and the kernel module to automate hook placement. Given a non-hook-placed version of the Linux kernel, and a kernel module that implements an authorization policy, our technique infers the set of operations authorized by each hook, and the set of operations performed by each function in the kernel. It uses this information to infer the set of hooks that must guard each kernel function. We describe the design and implementation of a prototype tool called TAHOE (Tool for Authorization Hook Placement) that uses this technique. We demonstrate the effectiveness of TAHOE by using it with the LSM implementation of security-enhanced Linux (SELinux). While our exposition in this paper focuses on hook placement for LSM, our technique can be used to place hooks in other LSM-like architectures as well.
AB - We present a technique for automatic placement of authorization hooks, and apply it to the Linux security modules (LSM) framework. LSM is a generic framework which allows diverse authorization policies to be enforced by the Linux kernel. It consists of a kernel module which encapsulates an authorization policy, and hooks into the kernel module placed at appropriate locations in the Linux kernel. The kernel enforces the authorization policy using hook calls. In current practice, hooks are placed manually in the kernel. This approach is tedious, and as prior work has shown, is prone to security holes. Our technique uses static analysis of the Linux kernel and the kernel module to automate hook placement. Given a non-hook-placed version of the Linux kernel, and a kernel module that implements an authorization policy, our technique infers the set of operations authorized by each hook, and the set of operations performed by each function in the kernel. It uses this information to infer the set of hooks that must guard each kernel function. We describe the design and implementation of a prototype tool called TAHOE (Tool for Authorization Hook Placement) that uses this technique. We demonstrate the effectiveness of TAHOE by using it with the LSM implementation of security-enhanced Linux (SELinux). While our exposition in this paper focuses on hook placement for LSM, our technique can be used to place hooks in other LSM-like architectures as well.
UR - http://www.scopus.com/inward/record.url?scp=33745766475&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745766475&partnerID=8YFLogxK
U2 - 10.1145/1102120.1102164
DO - 10.1145/1102120.1102164
M3 - Conference contribution
AN - SCOPUS:33745766475
SN - 1595932267
SN - 9781595932266
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 330
EP - 339
BT - CCS 2005 - Proceedings of the 12th ACM Conference on Computer and Communications Security
T2 - CCS 2005 - 12th ACM Conference on Computer and Communications Security
Y2 - 7 November 2005 through 11 November 2005
ER -