automatic placement of authorization hooks in the linux
play

Automatic Placement of Authorization Hooks in the Linux Security - PowerPoint PPT Presentation

Feb 11, 2023 •190 likes •604 views

Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod Ganapathy vg@cs.wisc.edu University of Wisconsin, Madison Joint work with Trent Jaeger Somesh Jha tjaeger@cse.psu.edu jha@cs.wisc.edu Pennsylvania

  1. Automatic Placement of Authorization Hooks in the Linux Security Modules Framework Vinod Ganapathy vg@cs.wisc.edu University of Wisconsin, Madison Joint work with Trent Jaeger Somesh Jha tjaeger@cse.psu.edu jha@cs.wisc.edu Pennsylvania State University University of Wisconsin, Madison

  2. Context of this talk � Authorization policies and their enforcement � Three concepts: � Subjects (e.g., users, processes) � Objects (e.g., system resources) � Security-sensitive operations on objects. � Authorization policy: � A set of triples: (Subject, Object, Operation) � Key question: How to ensure that the authorization policy is enforced? 2 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  3. Enforcing authorization policies � Reference monitor consults the policy. � Application queries monitor at appropriate locations. Can I perform operation OP? Reference Monitor Application to Policy be secured Yes/No (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 3 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  4. Linux security modules framework � Framework for authorization policy enforcement. � Uses a reference monitor-based architecture. � Integrated into Linux-2.6 Linux Kernel Reference Monitor Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 4 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  5. Linux security modules framework � Reference monitor calls ( hooks ) placed appropriately in the Linux kernel. � Each hook is an authorization query. Linux Kernel Reference Monitor Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) Hooks 5 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  6. Linux security modules framework � Authorization query of the form: (subj., obj., oper.)? � Kernel performs operation only if query succeeds. Linux Kernel Reference (subj., obj., oper.)? Monitor Yes/No Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 6 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  7. Example Virtual File System Code for Directory Removal int vfs_rmdir(inode *dir, dentry *dentry) { … err = security_inode_rmdir(dir,dentry); if (!err) { dir->i_op->rmdir(dir,dentry); } } Linux Kernel Reference (subj., obj., oper.)? Monitor Yes/No Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 7 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  8. Example Virtual File System Code for Directory Removal int vfs_rmdir(inode *dir, dentry *dentry) { … err = security_inode_rmdir(dir,dentry); if (!err) { dir->i_op->rmdir(dir,dentry); } } Linux Kernel Reference (subj., obj., oper.)? Monitor Yes/No Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 8 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  9. Example Virtual File System Code for Directory Removal int vfs_rmdir(inode *dir, dentry *dentry) { … err = security_inode_rmdir(dir,dentry); if (!err) { dir->i_op->rmdir(dir,dentry); } } Linux Kernel Reference (subj., obj., oper.)? Monitor Yes/No Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 9 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  10. Example Virtual File System Code for Directory Removal int vfs_rmdir(inode *dir, dentry *dentry) { … err = security_inode_rmdir(dir,dentry); if (!err) { dir->i_op->rmdir(dir,dentry); } } Linux Kernel Reference (subj., obj., oper.)? Monitor Yes/No Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) 10 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  11. Example Virtual File System Code for Directory Removal int vfs_rmdir(inode *dir, dentry *dentry) { … err = security_inode_rmdir(dir,dentry); if (!err) { dir->i_op->rmdir(dir,dentry); } } Linux Kernel Reference (subj., obj., oper.)? Monitor Yes/No Policy (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) Key: Hooks must achieve complete mediation. 11 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  12. Hook placement is crucial � Must achieve complete mediation. � Security-sensitive operations must be mediated by a hook that authorizes the operation. � Current practice: � Hooks placed manually in the kernel. � Takes a long time: approx. 2 years for Linux security modules framework. � Can this achieve complete mediation? � Prior work has found bugs in hook placement. [Zhang et al., USENIX Security 2002, Jaeger et al., ACM CCS 2002] 12 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  13. Main message of this talk Static analysis can largely autom ate authorization hook placem ent and achieve com plete m ediation 13 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  14. Main message of this talk Static analysis can largely autom ate authorization hook placem ent and achieve com plete m ediation Reduces turnaround tim e of Linux Security Modules-like projects 14 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  15. Main message of this talk Static analysis can largely autom ate authorization hook placem ent and achieve com plete m ediation Towards correctness by construction 15 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  16. Key intuition: Matchmaking � Each kernel function performs an operation. � Each hook authorizes an operation. � Match kernel functions with appropriate hooks. Linux Kernel Reference op1,op2 Monitor op1,op2 op3 Policy (subj.,obj.,oper.) op3 (subj.,obj.,oper.) (subj.,obj.,oper.) (subj.,obj.,oper.) op1,op2,op3 (subj.,obj.,oper.) 16 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  17. Tool for Authorization Hook Placement � Input: � A set of security-sensitive operations. � Source code of reference monitor hooks. � Source code of the Linux kernel, without hooks placed. � Output: � Linux kernel with hooks placed. 17 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  18. Tool for Authorization Hook Placement TAHOE Hook code Linux kernel + hooks. Linux kernel, no hooks. 18 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  19. Tool for Authorization Hook Placement TAHOE Operations Hook authorized Hook code analysis Hook Join Placer Linux kernel + hooks. Kernel Operations analysis perform ed Linux kernel, no hooks. 19 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  20. Security-sensitive operations � We use the set of operations from the LSM implementation of SELinux. � Comprehensive set of operations on resources: � FILE_READ � DIR_READ � FILE_WRITE � DIR_WRITE � SOCKET_RECV_MESG � SOCKET_LISTEN � … (504 such operations) 20 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  21. TAHOE Authorization hook analysis � Analyze source code of hooks and: � Recover the operations authorized. � Conditions under which they are authorized. � Example: int selinux_inode_permission(struct *inode, int mask) { op = 0; // s = info about process requesting operation if (mask & MAY_EXEC) op |= DIR_SEARCH; if (mask & MAY_WRITE) op |= DIR_WRITE; if (mask & MAY_READ) op |= DIR_READ; Query_Policy(s, inode, op); } 21 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  22. TAHOE Authorization hook analysis int selinux_inode_permission(struct *inode, int mask) { op = 0; // s = info about process requesting operation if (mask & MAY_EXEC) op |= DIR_SEARCH; if (mask & MAY_WRITE) op |= DIR_WRITE; if (mask & MAY_READ) op |= DIR_READ; Query_Policy(s, inode, op); } � Flow-and-context-sensitive static analysis: � DIR_READ authorized if ` mask & MAY_READ’ � DIR_WRITE authorized if ` mask & MAY_WRITE’ � DIR_SEARCH authorized if ` mask & MAY_EXEC’ 22 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

  23. TAHOE Linux kernel analysis � Analyze Linux kernel to determine the security-sensitive operations performed by each function. � More challenging than hook analysis. � Example: Virtual File System Code for Directory Removal int vfs_rmdir (struct inode *dir, struct dentry *dentry) { ... dir->i_op->rmdir(dir, dentry); ... } Points to physical file system code 23 CCS 2005 Automatic Placement of Authorization Hooks in the Linux Security Modules Framework

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and Linux Contents Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP Tables The Connection Tracking

444 views • 9 slides
D. Brent Sandy, Plowshares and Pruning Hooks: Rethinking the Language of Biblical Hooks:

D. Brent Sandy, Plowshares and Pruning Hooks: Rethinking the Language of Biblical Hooks:

D. Brent Sandy, Plowshares and Pruning Hooks: Rethinking the Language of Biblical Hooks: Rethinking the Language of Biblical Prophecy and Apocalyptic, Downers Grove, IL: InterVarsity Press, 2002 y , Plowshares and Pruning Hooks and the o

382 views • 10 slides
Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on

Tutorial 2 Automatic Placement & Routing Please follow the instructions found under Setup on the CADTA main page before starting this tutorial. 1.1. Start Encounter Log on to a VLSI server using your EE departmental username and password.

539 views • 23 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Automatic Generation of Hierarchical Placement Rules for Analog Integrated Circuits M. Eick , M.

Automatic Generation of Hierarchical Placement Rules for Analog Integrated Circuits M. Eick , M.

Institute for Electronic Design Automation Technische Universitt Mnchen Automatic Generation of Hierarchical Placement Rules for Analog Integrated Circuits M. Eick , M. Strasser, H. Graeb, U. Schlichtmann Institute for Electronic Design

331 views • 32 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
Toward Automated Authorization Policy Enforcement Vinod Ganapathy Trent Jaeger Somesh Jha

Toward Automated Authorization Policy Enforcement Vinod Ganapathy Trent Jaeger Somesh Jha

Toward Automated Authorization Policy Enforcement Vinod Ganapathy Trent Jaeger Somesh Jha vg@cs.wisc.edu tjaeger@cse.psu.edu jha@cs.wisc.edu March 1 st , 2006 Second Annual Security-enhanced Linux Symposium Baltimore, Maryland Introduction

792 views • 39 slides
TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell

TimberWolf 7.0 Placement Perform TimberWolf placement Based on the given standard cell placement Initial HPBB wirelength = 23 Practical Problems in VLSI Physical Design TimberWolf Placement (1/16) First Swap Swap node b and e

340 views • 16 slides
Xerox/DOM Presentation Fall 2016 CONTENTS 1. Verifying Eligibility 2. Taxonomy Code Placement

Xerox/DOM Presentation Fall 2016 CONTENTS 1. Verifying Eligibility 2. Taxonomy Code Placement

Xerox/DOM Presentation Fall 2016 CONTENTS 1. Verifying Eligibility 2. Taxonomy Code Placement 3. Prior Authorization 4. Timely Filing Limits 5. Envision Web Portal Verifying Eligibility It is the responsibility of the Medicaid Provider to

602 views • 21 slides
Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It is designed to : Assist in benefit determination Prevent unanticipated denials of coverage Create a collaborative approach to

187 views • 18 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the

VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the

King Fahd University of Petroleum & Minerals College of Computer Sciences & Engineering Department of Computer Engineering VLSI Placement Sadiq M. Sait & Habib Youssef December 1995 Placement Placement is the process of

1.15k views • 52 slides
ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with

ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with

ADVANCED PLACEMENT The purpose of the Advanced Placement program is to provide the students with challenging coursework that culminates with an external examination. BENEFITS OF ADVANCED PLACEMENT Possible College Credit Early completion

601 views • 6 slides
Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range of systems ! CC BY-SA 2.0 FHKE, Flickr 2 Whats the difference between Linux on a big thing and Linux on a little thing? ! 3 ! Whats the

900 views • 52 slides
Joe Lesser 3M Sash-to-Save 3M Joseph Lesser Advisor: Karl DeWahl 3M Overview

Joe Lesser 3M Sash-to-Save 3M Joseph Lesser Advisor: Karl DeWahl 3M Overview

Joe Lesser 3M Sash-to-Save 3M Joseph Lesser Advisor: Karl DeWahl 3M Overview 76,000 employees 56,000 products adhesives, abrasives, laminates, electronic circuits and optical films Operates in 60 countries

399 views • 21 slides
Liquid Type Inference under the Hood Micha Reiser Seminar Program Analysis & Transformation

Liquid Type Inference under the Hood Micha Reiser Seminar Program Analysis & Transformation

Liquid Type Inference under the Hood Micha Reiser Seminar Program Analysis & Transformation University of Applied Sciences Rapperswil 1 Motivation Liquid Type Inference Conclusion 2 Motivation Motivation for Liquid Types Proof

922 views • 77 slides
EXPERIMENTAL AND NUMERICAL MODELLING OF SECONDARY EMISSION CONTROL SYSTEM OF BOF (BASIC OXYGEN

EXPERIMENTAL AND NUMERICAL MODELLING OF SECONDARY EMISSION CONTROL SYSTEM OF BOF (BASIC OXYGEN

EXPERIMENTAL AND NUMERICAL MODELLING OF SECONDARY EMISSION CONTROL SYSTEM OF BOF (BASIC OXYGEN FURNACE) T. LAJOS, G. KRISTF, J. M. SUDA Department of Fluid Mechanics Budapest University of Technology and Economics Gy. FEHR, I. MSZROS

546 views • 12 slides
1 Regulatory Requirements Coke Ov en-Pushing Emissions New Mact Standards for Opacity (20%

1 Regulatory Requirements Coke Ov en-Pushing Emissions New Mact Standards for Opacity (20%

Industrial Accessories Company 4800 Lamar Ave Mission, Kansas 66202 Electric Arc Furnace Corporate Technologies Background www.iac-intl.com PP003 1 Regulatory Requirements Coke Ov en-Pushing Emissions New Mact Standards for Opacity

511 views • 29 slides
Quantum Internet Alliance <Speaker> <Affiliation> <contact details> This

Quantum Internet Alliance <Speaker> <Affiliation> <contact details> This

WP <NN>, TCM, November 2018 Quantum Internet Alliance <Speaker> <Affiliation> <contact details> This project (QIA) has received funding <Place and Date> from the European Unions Horizon 2020 research and

683 views • 8 slides
NCP Academy Horizon 2020 NCP Legal and Finance Training March 2018 Copenhagen www.ncpacademy.eu 2

NCP Academy Horizon 2020 NCP Legal and Finance Training March 2018 Copenhagen www.ncpacademy.eu 2

NCP Academy Horizon 2020 NCP Legal and Finance Training March 2018 Copenhagen www.ncpacademy.eu 2 NCP Academy achievements so far The NCP Academy has since 2015 developed and carried out trainings within four modules: Module A) Training

200 views • 8 slides
SunHorizon Sun Coupled Innovative Heat Pumps Solar and Thermal energy: Europe's precious

SunHorizon Sun Coupled Innovative Heat Pumps Solar and Thermal energy: Europe's precious

SunHorizon Project Executive Presentation Sustainable Places Conference 6 th June 2019 Cagliari SunHorizon Sun Coupled Innovative Heat Pumps Solar and Thermal energy: Europe's precious energy sources for efficient industries and

290 views • 11 slides
This project has received funding from the European Unions Horizon 2020 research and innovation

This project has received funding from the European Unions Horizon 2020 research and innovation

This project has received funding from the European Unions Horizon 2020 research and innovation programme under grant agreement No 730254 INtegrated analysis and modeling for the management of sustainable urban FWE ReSOURCEs Acronym :

228 views • 8 slides

More recommend