Using CQUAL for static analysis of authorization hook placement

Xiaolan Zhang, Antony Edwards, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution


The Linux Security Modules (LSM) framework is a set of authorization hooks for implementing flexible access control in the Linux kernel. While much effort has been devoted to defining the module interfaces, little attention has been paid to verifying the correctness of hook placement. This paper presents a novel approach to the verification of LSM authorization hook placement using CQUAL, a type-based static analysis tool. With a simple CQUAL lattice configuration and some GCC-based analyses, we are able to verify complete mediation of operations on key kernel data structures. Our results reveal some potential security vulnerabilities of the current LSM framework, one of which we demonstrate to be exploitable. Our experiences demonstrate that combinations of conceptually simple tools can be used to perform fairly complex analyses.

Original languageEnglish (US)
Title of host publicationProceedings of the 11th USENIX Security Symposium
PublisherUSENIX Association
ISBN (Electronic)1931971005, 9781931971003
StatePublished - Jan 1 2002
Event11th USENIX Security Symposium - San Francisco, United States
Duration: Aug 5 2002Aug 9 2002

Publication series

NameProceedings of the 11th USENIX Security Symposium


Conference11th USENIX Security Symposium
Country/TerritoryUnited States
CitySan Francisco

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Using CQUAL for static analysis of authorization hook placement'. Together they form a unique fingerprint.

Cite this