A Tamper Analysis and Endorsement Approach for Linux Security Modules
Open Access
Author:
Capobianco, Frank
Graduate Program:
Computer Science and Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
June 27, 2023
Committee Members:
Trent Ray Jaeger, Thesis Advisor/Co-Advisor Danfeng Zhang, Committee Member Chitaranjan Das, Program Head/Chair
Keywords:
Linux Security Modules Reference Monitor Tamper Analysis Operating System Security
Abstract:
The Linux operating system depends on Linux Security Modules (LSMs) to enforce
access control correctly. However, malicious process input used in authorization could tamper
LSM authorization. A question we explore in this thesis is whether a tamper analysis can be
produced that enables validation that all authorization queries performed by LSMs use inputs of
the expected integrity (i.e., are defined by the LSM). In this thesis, we discuss a tamper analysis
approach and data integrity endorsement strategy for LSMs. Our approach leverages a precise
information flow integrity analysis by constructing information flow integrity problems for
LSMs, through a combination of static analysis, that detect integrity violations and resolves many
integrity violations automatically through endorsement.
