Monday, October 3, 2005
4:00 - 5:00 PM
2310 CS
|
Department of Computer Sciences, University of Wisconsin, Madison ( web)
Automatic Placement of Authorization Hooks in the Linux Security Modules Framework
We present a technique for automatic placement of
authorization hooks, and apply it to the Linux security
modules (LSM) framework. LSM is a generic framework
which allows diverse authorization policies to be
enforced by the Linux kernel. It consists of a kernel
module which encapsulates an authorization policy, and
hooks into the kernel module placed at appropriate
locations in the Linux kernel. The kernel enforces the
authorization policy using hook calls. In current
practice, hooks are placed manually in the kernel. This
approach is tedious, and as prior work has shown, is
prone to security holes.
Our technique uses static analysis of the Linux kernel
and the kernel module to automate hook placement. Given
a non-hook-placed version of the Linux kernel, and a
kernel module that implements an authorization policy,
our technique infers the set of operations authorized by
each hook, and the set of operations performed by each
function in the kernel. It uses this information to
infer the set of hooks that must guard each kernel
function. We describe the design and implementation of a
prototype tool called TAHOE (Tool for Authorization Hook
Placement) that uses this technique. We demonstrate the
effectiveness of TAHOE by using it with the LSM
implementation of security-enhanced Linux
(SELinux). While our exposition in this paper focuses on
hook placement for LSM, our technique can be used to
place hooks in other LSM-like architectures as well.
Conference practice talk.
|
Monday, October 10, 2005
4:00 - 5:00 PM
2310 CS
|
Guangwu Xu
Department of EE & CS, University of Wisconsin, Milwaukee
Elliptic Curve Cryptography and Some Efficient Implementations
Cryptosystems based on elliptic curves have the
advantage of achieving the same security with smaller
key size. Several elliptic curve crypto-schemes have
been adopted as the government standard. In this talk,
we shall start by introducing the discrete logarithm
problem in general. Then we shall discuss elliptic curve
groups and elliptic curve cryptography. In the last
part, we shall describe an efficient arithmetic on a
family of curves of practical interest---the Koblitz
curves.
|
Created and maintained by Mihai Christodorescu (
http://www.cs.wisc.edu/~mihai)
Created: Fri Jul 29 11:34:22 2005
Last modified: Fri Jul 29 11:35:25 Central Daylight Time 2005