Runtime verification of authorization hook placement for the Linux Security Modules framework

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2002, Pages 225-234

  Edwards, Antony ^a   Jaeger, Trent ^a   Zhang, Xiaolan ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER SOFTWARE SELECTION AND EVALUATION; DATA STRUCTURES; INTERFACES (COMPUTER); RESPONSE TIME (COMPUTER SYSTEMS); SECURITY OF DATA;

AUTHORIZATION HOOK PLACEMENT; LINUX SECURITY MODULES; MANDATORY ACCESS CONTROL; RUNTIME VERIFICATION; STATIC ANALYSIS;

COMPUTER OPERATING SYSTEMS;

EID: 0037673305     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/586139.586141     Document Type: Conference Paper

References (18)

1. K. Ashcraft and D. Engler. Using programmer-written compiler extensions to catch security holes. In Proceedings of the IEEE Symposium on Security and Privacy 2002, May 2002.
2. M. Bishop and M. Dilger. Checking for race conditions in file accesses. Computing Systems, 9(2):131-152, 1996.
3. H. Chen and D. Wagner. MOPS: An infrastructure for examining security properties of software. In Proceedings of the 9th Conference on Computer and Communications Security, November 2002.
4. A. Edwards, T. Jaeger, and X. Zhang. Runtime verification of authorization hook placement for the Linux Security Modules framework. Technical Report RC22254, IBM Research, December 2001.
5. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operation System Design and Implementation (OSDI), October 2000.
6. J. Foster, M. Fahndrich, and A. Aiken. A theory of type qualifiers. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '99), pages 192-203, May 1999.
7. P. Gutmann. The design and verification of a cryptographic security architecture, August 2000. Submitted thesis. Available at www.cs.auckland.ac.nz/pgut001/pubs/thesis/html.
8. ITSEC. Common Criteria for Information Security Technology Evaluation. ITSEC, 1998, Available atwww.commoncriteria.org.
9. T. Jaeger, X. Zhang, and A. Edwards. Maintaining the correct of the Linux Security Modules framework. In Proceedings of the 2002 Ottawa Linux Symposium, pages 223-241, June 2002.
10. E. Koutsofios and S. North. Drawing graphs with Dot. Available at http://www.research.att.com/sw/tools/graphviz/.
11. K. Koved, M. Pistoia, and A. Kerschenbaum. Access rights analysis for Java. In Proceedings of 17th Annual ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), November 2002.
12. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the Tenth USENIX Security Symposium, pages 177-190, August 2001.
13. NCSC. Trusted Computer Security Evaluation Criteria. National Computer Security Center, 1985, DoD 5200.28-STD, also known as the Orange Book.
14. G.C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL02), January 2002.
15. U. Shankar, K. Talwar, J.S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the Tenth USENIX Security Symposium, pages 201-216, August 2001.
16. J. Viega, J. Bloch, Y. Kohno, and G. McGraw, ITS4: A static vulnerability scanner for C and C++ code. In Proceedings of 2000 Annual Security Applications Conference, December 2000.
17. D. Wagner, J.S. Foster, E.A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of Network and Distributed System Security Symposium (NDSS 2000), February 2000.
18. X. Zhang, A. Edwards, and T. Jaeger, Using CQUAL for static analysis of authorization hook placement. In Proceedings of the 11th USENIX Security Symposium, August 2002.