Authorization Paper Appeared at CCS 2005

Posted 12 November 2005

Vinod Ganapathy Somesh Jha The paper Automatic Placement of Authorization Hooks in the Linux Security Modules Framework co-authored by Vinod Ganapathy, Trent Jaeger (Penn State) and Somesh Jha appeared at the ACM Conference on Computer and Communications Security (CCS 2005). The conference was held November 7–11 in Alexandria, Virginia.

The paper, presented at the conference by Vinod Ganapathy, demonstrated a static analysis-based technique to place authorization hooks in the Linux kernel. Given a non-hook-placed version of the Linux kernel and a reference monitor which implements an authorization policy, the technique infers the set of operations authorized by each hook and the set of operations performed by each function in the kernel. It uses this information to infer the set of hooks that must guard each kernel function. The authors presented a prototype tool, called TAHOE, that used this technique to automatically place hooks in the Linux Security Modules (LSM) implementation of SELinux. The algorithms employed by TAHOE can be used to place authorization hooks in other LSM-like architectures as well.

The paper is available online: [Abstract] [pdf]

<< Back to index

This page updated November 14, 2005.