Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Runtime verification of authorization hook placement for the linux security modules framework
Proceedings of the 9th ACM conference on Computer and communications security
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Automatic placement of authorization hooks in the linux security modules framework
Proceedings of the 12th ACM conference on Computer and communications security
A Portable Compiler-Integrated Approach to Permanent Checking
ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Hi-index | 0.00 |
Security labels of subjects and objects are crucial for some security policies and are an essential part of the TrustedBSD MAC framework. We find that security labels not being destroyed properly will result in memory leaks. This paper analyzes the security labels management of the TrustedBSD MAC framework and presents a path-sensitive static analysis approach to detect potential memory leaks caused by the security label management. This approach verifies complete destruction of security labels through compiler-integrated checking rules at compile-time. It achieves complete coverage of execution paths and has low false positive rate.