
Runtime Verification of Linux Kernel Security Module

  • Conference paper
  • Formal Methods. FM 2019 International Workshops (FM 2019)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12233)

Abstract

The Linux kernel is one of the most important Free/Libre Open Source Software (FLOSS) projects. It is installed on billions of devices all over the world, which process various sensitive, confidential or simply private data. It is crucial to establish and prove its security properties. This work-in-progress paper presents a method to verify the Linux kernel for conformance with an abstract security policy model written in the Event-B specification language. The method is based on system call tracing and aims at checking that the results of system call execution do not lead to accesses that violate security policy requirements. As a basis for it, we use an additional Event-B specification of the Linux system call interface that is formally proved to satisfy all the requirements of the security policy model. In order to perform the conformance checks we use it to reproduce intercepted system calls and verify accesses.

This work has received funding from the Ministry of Education and Science of Russia under grant agreement RFMEFI60719X0295.
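One way to picture the conformance check the abstract describes (an added illustration, not code from the paper or its base-model repository): a constructed strace-style trace of open(2) calls is replayed against a toy Bell-LaPadula model in place of the Event-B specification, and each kernel result is compared with the model's decision. The subject clearances, object labels and the trace lines are all assumed.

```python
import re
from collections import namedtuple

# Constructed illustration, not the paper's Event-B model: a two-level
# Bell-LaPadula lattice stands in for the abstract security policy model.
O_RDONLY, O_WRONLY, O_RDWR, O_ACCMODE = 0, 1, 2, 3
FLAGS = {"O_RDONLY": O_RDONLY, "O_WRONLY": O_WRONLY, "O_RDWR": O_RDWR}
PUBLIC, SECRET = 0, 1
SUBJECT_LEVEL = {1001: PUBLIC, 1002: SECRET}  # clearance per pid (assumed state)
OBJECT_LEVEL = {"/srv/pub/readme": PUBLIC, "/srv/sec/plan": SECRET}  # assumed labels

# Constructed strace-style lines: what a tracer records for each open(2) call.
SAMPLE_TRACE = """
1001 open("/srv/pub/readme", O_RDONLY) = 3
1001 open("/srv/sec/plan", O_RDONLY) = -1 EACCES (Permission denied)
1002 open("/srv/pub/readme", O_WRONLY) = 4
1002 open("/srv/sec/plan", O_RDWR) = 5
"""
TRACE_RE = re.compile(r'^(\d+)\s+open\("([^"]+)",\s*(\w+)\)\s*=\s*(-?\d+)')

# model_allows: the abstract model's decision; kernel_allowed: observed fd >= 0
Verdict = namedtuple("Verdict", "pid path model_allows kernel_allowed")

def model_permits(pid: int, path: str, flags: int) -> bool:
    """Bell-LaPadula: no read-up (ss-property), no write-down (*-property)."""
    s, o = SUBJECT_LEVEL[pid], OBJECT_LEVEL[path]
    mode = flags & O_ACCMODE
    reads = mode in (O_RDONLY, O_RDWR)
    writes = mode in (O_WRONLY, O_RDWR)
    return not (reads and o > s) and not (writes and o < s)

def replay(trace: str) -> list:
    """Reproduce each intercepted call in the model, next to the kernel's result."""
    verdicts = []
    for line in trace.strip().splitlines():
        m = TRACE_RE.match(line)
        if m:  # unparsable lines are skipped rather than guessed at
            pid, path, flags, ret = int(m[1]), m[2], FLAGS[m[3]], int(m[4])
            verdicts.append(Verdict(pid, path, model_permits(pid, path, flags), ret >= 0))
    return verdicts

def violations(trace: str) -> list:
    """Calls whose kernel outcome disagrees with the policy model's decision."""
    return [v for v in replay(trace) if v.model_allows != v.kernel_allowed]
```

In the constructed trace, the third line is the non-conformant case: a secret-level subject was allowed to write a public object, which the model forbids, so a checker built on this idea would flag the kernel's behaviour rather than the policy.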


Notes

  1. Publicly available part of the specification: https://github.com/17451k/base-model.

  2. According to the Linux manual page http://man7.org/linux/man-pages/man2/open.2.html.

  3. Code can be found here: https://github.com/17451k/base-model/tree/open.

  4. The listed error codes are taken from the Linux kernel file include/uapi/asm-generic/errno-base.h.


Author information

Correspondence to Denis Efremov.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Efremov, D., Shchepetkov, I. (2020). Runtime Verification of Linux Kernel Security Module. In: Sekerinski, E., et al. Formal Methods. FM 2019 International Workshops. FM 2019. Lecture Notes in Computer Science, vol 12233. Springer, Cham. https://doi.org/10.1007/978-3-030-54997-8_12


  • DOI: https://doi.org/10.1007/978-3-030-54997-8_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-54996-1

  • Online ISBN: 978-3-030-54997-8

  • eBook Packages: Computer Science (R0)
