Producing Hook Placements to Enforce Expected Access Control Policies

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8978)

Abstract

Many security-sensitive programs manage resources on behalf of mutually distrusting clients. To control access to resources, authorization hooks are placed before operations on those resources. Manual hook placements by programmers are often incomplete or incorrect, leading to insecure programs. We advocate an approach that automatically identifies the set of locations to place authorization hooks that mediates all security-sensitive operations in order to enforce expected access control policies at deployment. However, one challenge is that programmers often want to minimize the effort of writing such policies. As a result, they may remove authorization hooks that they believe are unnecessary, but they may remove too many hooks, preventing the enforcement of some desirable access control policies.

In this paper, we propose algorithms that automatically compute a minimal authorization hook placement that satisfies constraints that describe desirable access control policies. These authorization constraints reduce the space of enforceable access control policies; i.e., those policies that can be enforced given a hook placement that satisfies the constraints. We have built a tool that implements this authorization hook placement method, demonstrating how programmers can produce authorization hooks for real-world programs and leverage policy goal-specific constraint selectors to automatically identify many authorization constraints. Our experiments show that our technique reduces manual programmer effort by as much as 58% and produces placements that reduce the amount of policy specification by as much as 30%.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Muthukumaran, D., Talele, N., Jaeger, T., Tan, G. (2015). Producing Hook Placements to Enforce Expected Access Control Policies. In: Piessens, F., Caballero, J., Bielova, N. (eds) Engineering Secure Software and Systems. ESSoS 2015. Lecture Notes in Computer Science, vol 8978. Springer, Cham. https://doi.org/10.1007/978-3-319-15618-7_14

  • DOI: https://doi.org/10.1007/978-3-319-15618-7_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15617-0

  • Online ISBN: 978-3-319-15618-7

  • eBook Packages: Computer Science, Computer Science (R0)
