Towards Automated Authorization Policy Enforcement
In systems with shared resources, authorization policy enforcement
ensures that these resources are accessible only to users who are
allowed to access them. Recently, there has been growing interest in (i) extending
authorization policy enforcement mechanisms provided by the operating
system, and (ii) enabling user-space servers to enforce authorization
policies on their clients. A popular mechanism for authorization
policy enforcement retrofits the code to be secured with hooks to a
reference monitor. This is the basis for the Linux Security Modules
(LSM) framework, and is also the intended usage of the
recently released Security-Enhanced Linux policy management framework
for user-space servers. Unfortunately, reference monitor hooks are
currently placed manually in operating system and user-space server
code. This approach is tedious, does not scale, and, as prior work has
shown in the context of LSM, is error-prone. Our research is on
techniques to largely automate authorization hook placement. We have
devised a technique to do so, and have tested its effectiveness by
applying it to determine hook placement for the Linux kernel, and
cross-validating it with LSM hook placement. Our initial results are
encouraging, and we have extended our technique to work with
user-space servers. In particular, we have applied the technique to
determine authorization hook placement for the X11 server.
Somesh Jha
Last modified: Fri Sep 22 16:28:58 CDT 2006