Consistency analysis of authorization hook placement in the Linux security modules framework

ACM Transactions on Information and System Security

Volumn 7, Issue 2, 2004, Pages 175-205

  Jaeger, Trent ^a,c   Edwards, Antony ^b,c   Zhang, Xiaolan ^a,c  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b Symbian Ltd   (United Kingdom)

^c NONE   (United Kingdom)

Author keywords

Access control models; Authorization mechanisms; Role based access control

Indexed keywords

LINUX SECURITY MODULES; SOFTWARE CONFIGURATION MANAGEMENT; UNAUTHORIZED ACCESS;

DATA HANDLING; DATA PRIVACY; OBJECT ORIENTED PROGRAMMING; SECURITY OF DATA; SOFTWARE ENGINEERING; STATISTICAL METHODS;

COMPUTER OPERATING SYSTEMS;

EID: 3142518085     PISSN: 10949224     EISSN: None     Source Type: Journal    
DOI: 10.1145/996943.996944     Document Type: Article

References (26)

1. ANDERSON, J. P. 1972. Computer Security Technology Planning Study. Tech. Rep. ESD-TR-73-51, Air Force Electronic Systems Division.
2. ASHCRAFT, K. AND ENGLER, D. 2002. Using programmer-written compiler extensions to catch security holes. In Proceedings of the IEEE Symposium on Security and Privacy.
3. BALL, T., COOK, B., LEVIN, V., AND RAJAMANI, S. K. 2003. SLAM and static driver verifier: Technology transfer of formal methods inside Microsoft. In Integrated Formal Methods, Lecture Notes in Computer Science, vol. 2999.1-20. Also appears at MSR-TE-2004-8.
4. DAS, M., LERNER, S., AND SEIGLE, M. 2002. ESP: Path-sensitive program verification in polynomial time. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'02).
5. BISHOP, M. AND DILGER, M. 1996. Checking for race conditions in file accesses. Computing Systems, 9, 2, 131-152.
6. CHEN, H. AND WAGNER, D. 2002. MOPS: An infrastructure for examining security properties of software. In Proceedings of the 9th Conference on Computer and Communications Security.
7. CHEN, H., DEAN, D., AND WAGNER, D. 2004. Model checking one million lines of C code. In Proceedings of Network and Distributed System Security Symposium (NDSS 2004).
8. CHAKI, S., CLARKE, E., GROCE, A., JHA, S., AND VEITH, H. 2003. Modular verification of software components in C. In Proceedings of the 25th International Conference on Software Engineering (ICSE 2003). 385-395.
9. EDWARDS, A., JAEGER, T., AND ZHANG, X. 2001. Runtime verification of Authorization Hook Placement for the Linux Security Modules Framework. Tech. Rep. RC22254, IBM Research.
10. ENGLER, D., CHELF, B., CHOU, A., AND HALLEM, S. 2000. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operation System Design and Implementation (OSDI).
11. HALLEM, S., CHELF, B., XIE, Y., AND ENGLER, D. 2002. A system and language for building system-specific, static analyses (appeared in PLDI 2002). In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '02).
12. FOSTER, J., FAHNDRICH, M., AND AIKEN, A. 1999. A theory of type qualifiers. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '99). 192-203.
13. GANAPATHY, V., JHA, S., CHANDLER, D., MELSKI, D., AND VITEK, D. 2003. Buffer overrun detection using linear programming and static analysis. In Proceedings of the 10th ACM Conference on Computer and Communications Security.
14. GUTMANN, P. 2000. The Design and Verification of a Cryptographic Security Architecture. Submitted thesis. Available at www.cs.auckland.ac.nz/pgut001/ pubs/thesis.html.
15. ITSEC. 1998. Common Criteria for Information Security Technology Evaluation. ITSEC. Available at www.commoncriteria.org.
16. JAEGER, T., ZHANG, X., AND EDWARDS, A. 2002. Maintaining the correct of the Linux Security Modules framework. In Proceedings of the 2002 Ottawa Linux Symposium. 223-241.
17. LARSON, E. AND AUSTIN, T. 2003. High coverage detection of input-related security faults. In Proceedings of the 12th USENIX Security Symposium.
18. KOUTSOFIOS, E. AND NORTH, S. Drawing graphs with Dot. Available at http://www.research.att.com/sw/tools/graphviz/.
19. KOVED, L., PISTOLA, M., AND KERSCHENBAUM, A. 2002. Access rights analysis for Java. In Proceedings of 17th Annual ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA).
20. LAROCHELLE, D. AND EVANS, D. 2001. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the Tenth USENIX Security Symposium. 177-190.
21. NCSC. 1985. Trusted Computer Security Evaluation Criteria. National Computer Security Center. DoD 5200.28-STD, also known as the Orange Book.
22. SHANKAR, U., TALWAR, K., FOSTER, J. S., AND WAGNER, D. 2001. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the Tenth USENIX Security Symposium. 201-216.
23. VIEGA, J., BLOCH, J., KOHNO, Y., AND MCGRAW, G. 2000. ITS4: A static vulnerability scanner for C and C++ code. In Proceedings of 2000 Annual Security Applications Conference.
24. WAGNER, D., FOSTER, J. S., BREWER, E. A., AND AIKEN, A. 2000. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of Network and Distributed System Security Symposium (NDSS 2000).
25. ZHANG, X., EDWARDS, A., AND JAEGER, T. 2002. Using CQual for static analysis of authorization hook placement. In Proceedings of the 11th USENIX Security Symposium.
26. ZHANG, X., MARCEAU, G., JAEGER, T., AND KOVED, L. Translation of C programs for static analysis by the JaBA framework. Internal draft document to become an IBM technical report.