DOI: 10.1145/1133373.1133414

Gaining and maintaining confidence in operating systems security

Published: 01 July 2002

Abstract

Recently, there has been a lot of work on the verification of security properties in programs. Engler et al. use static analysis to find flaws in the implementation of Linux device drivers, such as the failure to release locks [4]. Edwards et al. use static and dynamic analysis to verify that the authorization hooks of the Linux Security Modules (LSM) framework are placed such that all the necessary authorizations are performed [2, 12]. In addition, Shankar et al. and Larochelle et al. show how to use static analysis tools to find program vulnerabilities, such as buffer overflows and printf vulnerabilities [7, 10, 11]. Lastly, Necula et al. show that we can detect and leverage the cases in which C is used in a type-safe manner in order to detect memory errors [9]. Runtime verification can be used to detect errors in other cases.

References

[1] M. Bishop and M. Dilger. Checking for race conditions in file accesses. Technical Report CSE-95-10, University of California at Davis, September 1995.

[2] A. Edwards, T. Jaeger, and X. Zhang. Verifying authorization hook placement for the Linux Security Modules framework. TR 22254, IBM, December 2001.

[3] M. Elsman, J. S. Foster, and A. Aiken. Carillon -- a system to find Y2K problems in C programs, user manual. www.cs.berkeley.edu/carillon, 1999.

[4] D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the 4th Symposium on Operating Systems Design and Implementation (OSDI), October 2000.

[5] D. Evans. Static detection of dynamic memory errors. In SIGPLAN Conference on Programming Language Design and Implementation, 1996.

[6] ITSEC. Common Criteria for Information Security Technology Evaluation. ITSEC, 1998. Available at www.commoncriteria.org.

[7] D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the Tenth USENIX Security Symposium, 2001.

[8] NCSC. Trusted Computer Security Evaluation Criteria. National Computer Security Center, 1985. DoD 5200.28-STD, also known as the Orange Book.

[9] G. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In Proceedings of the Principles of Programming Languages, 2002.

[10] U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the Tenth USENIX Security Symposium, 2001.

[11] D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In NDSS Network and Distributed System Security Symposium, 2000.

[12] X. Zhang, A. Edwards, and T. Jaeger. Using CQual for static analysis of authorization hook placement, February 2002. Submitted for conference publication.

Published In

EW 10: Proceedings of the 10th workshop on ACM SIGOPS European workshop
July 2002
258 pages
ISBN: 9781450378062
DOI: 10.1145/1133373
Publisher

Association for Computing Machinery, New York, NY, United States
