Applying flow-sensitive CQUAL to verify MINIX authorization check placement

Authors:
Timothy Fraser;Nick L. Petroni, Jr.;William A. Arbaugh
Affiliations:
University of Maryland;University of Maryland;University of Maryland
Venue:
Proceedings of the 2006 workshop on Programming languages and analysis for security
Year:
2006

Citing 11
Cited 4

A theory of type qualifiers

Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Verifying Security

ACM Computing Surveys (CSUR)
Flow-sensitive type qualifiers

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Using CQUAL for Static Analysis of Authorization Hook Placement

Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel

Proceedings of the 11th USENIX Security Symposium
Software development and proofs of multi-level security

ICSE '76 Proceedings of the 2nd international conference on Software engineering
Using Programmer-Written Compiler Extensions to Catch Security Holes

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
MECA: an extensible, expressive system and language for statically checking security properties

Proceedings of the 10th ACM conference on Computer and communications security
Model Checking An Entire Linux Distribution for Security Violations

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Detecting format string vulnerabilities with type qualifiers

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Finding user/kernel pointer bugs with type inference

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Type qualifier inference for java

Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
CMV: automatic verification of complete mediation for java virtual machines

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Programming languages and program analysis for security: a three-year retrospective

ACM SIGPLAN Notices
Automating security mediation placement

ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present the first use of flow-sensitive CQUAL to verify the placement of operating system authorization checks. Our analysis of MINIX 3 system servers and discovery of a non-exploitable Time-Of-Check/Time-Of-Use bug demonstrate the effectiveness of flow sensitive CQUAL and its advantage over earlier flow-insensitive versions. We also identify and suggest alternatives to current CQUAL usability features that encourage analysts to make omissions that cause the otherwise sound tool to produce false-negative results.