Automatic Placement of Authorization Hooks in the Linux Security Modules Framework
We present a technique for automatic placement of authorization hooks,
and apply it to the Linux security modules (LSM) framework. LSM is a
generic framework which allows diverse authorization policies to be
enforced by the Linux kernel. It consists of a kernel module which
encapsulates an authorization policy, and hooks into the kernel module
placed at appropriate locations in the Linux kernel. The kernel
enforces the authorization policy using hook calls. In current
practice, hooks are placed manually in the kernel. This approach is
tedious, and as prior work has shown, is prone to security holes.
Our technique uses static analysis of the Linux kernel and the kernel
module to automate hook placement. Given a non-hook-placed version of
the Linux kernel, and a kernel module that implements an authorization
policy, our technique infers the set of operations authorized by each
hook, and the set of operations performed by each function in the
kernel. It uses this information to infer the set of hooks that must
guard each kernel function. We describe the design and implementation
of a prototype tool called TAHOE (Tool for Authorization Hook
Placement) that uses this technique. We demonstrate the effectiveness
of TAHOE by using it with the LSM implementation of security-enhanced
Linux (SELinux). While our exposition in this paper focuses on hook
placement for LSM, our technique can be used to place hooks in other
LSM-like architectures as well.
Download:[PS,PDF]
Somesh Jha
Last modified: Thu Mar 23 14:09:51 CST 2006