Article

Automatic placement of authorization hooks in the linux security modules framework

Authors:

Vinod Ganapathy,

Somesh JhaAuthors Info & Claims

CCS '05: Proceedings of the 12th ACM conference on Computer and communications security

Pages 330 - 339

https://doi.org/10.1145/1102120.1102164

Published: 07 November 2005 Publication History

Abstract

We present a technique for automatic placement of authorization hooks, and apply it to the Linux security modules (LSM) framework. LSM is a generic framework which allows diverse authorization policies to be enforced by the Linux kernel. It consists of a kernel module which encapsulates an authorization policy, and hooks into the kernel module placed at appropriate locations in the Linux kernel. The kernel enforces the authorization policy using hook calls. In current practice, hooks are placed manually in the kernel. This approach is tedious, and as prior work has shown, is prone to security holes.Our technique uses static analysis of the Linux kernel and the kernel module to automate hook placement. Given a non-hook-placed version of the Linux kernel, and a kernel module that implements an authorization policy, our technique infers the set of operations authorized by each hook, and the set of operations performed by each function in the kernel. It uses this information to infer the set of hooks that must guard each kernel function. We describe the design and implementation of a prototype tool called TAHOE (Tool for Authorization Hook Placement) that uses this technique. We demonstrate the effectiveness of TAHOE by using it with the LSM implementation of security-enhanced Linux (selinux). While our exposition in this paper focuses on hook placement for LSM, our technique can be used to place hooks in other LSM-like architectures as well.

References

[1]

J. P. Anderson. Computer security technology planning study, volume II. Technical Report ESD-TR-73-51, Deputy for Command and Management Systems, HQ Electronics Systems Division (AFSC), L. G. Hanscom Field, Bedford, MA, October 1972.

[2]

L. Badger, D. Sterne, D. Sherman, K. Walker, and S. Haghighat. A domain and type enforcement UNIX prototype. In 5th USENIX UNIX Security, June 1995.

Digital Library

[3]

H. Chen. Lightweight Model Checking for Improving Software Security. PhD thesis, University of California, Berkeley, Fall 2004.

Digital Library

[4]

D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific programmer-written compiler extensions. In 4th ACM/USENIX OSDI, December 2000.

Digital Library

[5]

J. S. Foster, M. Fahndrich, and A. Aiken. A theory of type qualifiers. In ACM SIGPLAN PLDI, May 1999.

Digital Library

[6]

M. R. Garey and D. S. Johnson. Computers and Intractability. Freeman, New York, NY, 1979.

Digital Library

[7]

L. Gong and G. Ellison. Inside JavaTM 2 Platform Security: Architecture, API Design, and Implementation. Pearson Education, 2003.

Digital Library

[8]

J. D. Guttman, A. L. Herzog, J. D. Ramsdell, and C. W. Skorupka. Verifying information flow goals in security-enhanced Linux. JCS, 13(1):115--134, 2005.

Digital Library

[9]

Example idioms. www.cs.wisc.edu/~vg/papers/ccs2005a/idioms.html.

[10]

T. Jaeger, A. Edwards, and X. Zhang. Consistency analysis of authorization hook placement in the Linux security modules framework. ACM TISSEC, 7(2):175--205, May 2004.

Digital Library

[11]

T. Jaeger, R. Sailer, and X. Zhang. Analyzing integrity protection in the SELinux example policy. In 12th USENIX Security, August 2003.

Digital Library

[12]

D. Kilpatrick, W. Salamon, and C. Vance. Securing the X Window system with SELinux. Technical Report 03-006, NAI Labs, March 2003.

[13]

L. Koved, M. Pistoia, and A. Kershenbaum. Access rights analysis for Java. In ACM SIGPLAN OOPSLA, November 2002.

Digital Library

[14]

X. Leroy, D. Doligez, J. Garrigue, D. Rémy, and J. Vouillon. The Objective Caml system (release 3.08). Technical report, INRIA Rocquencourt, July 2004.

[15]

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical, June 2001.

Digital Library

[16]

J. McLean. The specification and modeling of computer security. IEEE Computer, 23(1):9--16, 1990.

Digital Library

[17]

S. S. Muchnick. Advanced Compiler Design and Implementation. Morgan Kaufmann, 1997.

Digital Library

[18]

G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In 11th Intl. Conf. on Compiler Construction, April 2002.

Digital Library

[19]

M. Sharir and A. Pnueli. Two approaches to interprocedural dataflow analysis. In S. Muchnick and N. Jones, editors, Program Flow Analysis: Theory and Applications, pages 189--233. Prentice Hall, 1981.

[20]

Simplify. http://research.compaq.com/SRC/esc/Simplify.html.

[21]

Tresys Technology. Security-enhanced Linux policy management framework. http://sepolicy-server.sourceforge.net.

[22]

C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux security modules: General security support for the Linux kernel. In 11th USENIX Security, August 2002.

Digital Library

[23]

X. Zhang, A. Edwards, and T. Jaeger. Using CQUAL for static analysis of authorization hook placement. In 11th USENIX Security, August 2002.

Digital Library

Cited By

Thorn SEnglish KButler KEnck WKim YKim JKoushanfar FRasmussen K(2024)5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network FunctionsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656134(66-77)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656134
Varshith HSural SVaidya JAtluri V(2024)Efficiently Supporting Attribute-Based Access Control in LinuxIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.329942921:4(2012-2026)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3299429
Inam MChen YGoyal ALiu JMink JMichael NGaur SBates AHassan W(2023)SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179405(2620-2638)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179405
Show More Cited By

Index Terms

Automatic placement of authorization hooks in the linux security modules framework
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

Analyzing the Overhead of File Protection by Linux Security Modules
ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

Over the years, the complexity of the Linux Security Module (LSM) is keeping increasing (e.g. 10,684 LOC in Linux v2.6.0 vs. 64,018 LOC in v5.3), and the count of the authorization hooks is nearly doubled (e.g. 122 hooks in v2.6.0 vs. 224 hooks in v5.3)...
Runtime verification of authorization hook placement for the linux security modules framework
CCS '02: Proceedings of the 9th ACM conference on Computer and communications security

We present runtime tools to assist the Linux community in verifying the correctness of the Linux Security Modules (LSM) framework. The LSM framework consists of a set of authorization hooks inserted into the Linux kernel to enable additional ...
Consistency analysis of authorization hook placement in the Linux security modules framework

We present a consistency analysis approach to assist the Linux community in verifying the correctness of authorization hook placement in the Linux Security Modules (LSM) framework. The LSM framework consists of a set of authorization hooks inserted into ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '05: Proceedings of the 12th ACM conference on Computer and communications security

November 2005

422 pages

ISBN:1595932267

DOI:10.1145/1102120

General Chair:
Vijay Atluri
Rutgers University
,
Program Chairs:
Catherine Meadows
Naval Research Laboratory
,
Ari Juels
RSA Laboratories

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS05

Sponsor:

CCS05: 12th ACM Conference on Computer and Communications Security 2005

November 7 - 11, 2005

VA, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
824
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Thorn SEnglish KButler KEnck WKim YKim JKoushanfar FRasmussen K(2024)5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network FunctionsProceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3643833.3656134(66-77)Online publication date: 27-May-2024
https://dl.acm.org/doi/10.1145/3643833.3656134
Varshith HSural SVaidya JAtluri V(2024)Efficiently Supporting Attribute-Based Access Control in LinuxIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.329942921:4(2012-2026)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3299429
Inam MChen YGoyal ALiu JMink JMichael NGaur SBates AHassan W(2023)SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179405(2620-2638)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179405
Dunlap TEnck WReaves BDietrich SChowdhury OTakabi D(2022)A Study of Application Sandbox Policies in LinuxProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535016(19-30)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535016
Zhou JZhang TShen WLee DJung CAzab AWang RNing PRen K(2022)Automatic Permission Check Analysis for Linux KernelIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.3165368(1-1)Online publication date: 2022
https://doi.org/10.1109/TDSC.2022.3165368
Liu JKandikuppa ABates A(2022)Transparent DIFC: Harnessing Innate Application Event Logging for Fine-Grained Decentralized Information Flow Control2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00037(487-501)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSP53844.2022.00037
Tian CWang YLiu PWang YDai RZhou AXu Z(2020)Prihook: Differentiated Context-Aware Hook Placement for Different Owners' Smartphones2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom50675.2020.00087(615-622)Online publication date: Dec-2020
https://doi.org/10.1109/TrustCom50675.2020.00087
Berger BNguempnang RSohr KKoschke R(2020)Static Extraction of Enforced Authorization Policies SeeAuthz2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM)10.1109/SCAM51674.2020.00026(187-197)Online publication date: Sep-2020
https://doi.org/10.1109/SCAM51674.2020.00026
Hong DKloosterman JJin YCao YChen QMahlke SMao Z(2020)AVGuardian: Detecting and Mitigating Publish-Subscribe Overprivilege for Autonomous Vehicle Systems2020 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP48549.2020.00035(445-459)Online publication date: Sep-2020
https://doi.org/10.1109/EuroSP48549.2020.00035
Skalka CDarais DJaeger TCapobianco F(2020)Types and Abstract Interpretation for Authorization Hook Advice2020 IEEE 33rd Computer Security Foundations Symposium (CSF)10.1109/CSF49147.2020.00018(139-152)Online publication date: Jun-2020
https://doi.org/10.1109/CSF49147.2020.00018
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten