Towards Automated Authorization Policy Enforcement

In systems with shared resources, authorization policy enforcement ensures that these resources are accessible only to users who are allowed to do so. Recently, there is growing interest to (i) extend authorization policy enforcement mechanisms provided by the operating system, and (ii) enable user-space servers to enforce authorization policies on their clients. A popular mechanism for authorization policy enforcement retrofits the code to be secured with hooks to a reference monitor. This is the basis for the Linux security modules (LSM) framework, and is also the intended usage of the recently-released security-enhanced Linux policy management framework for user-space servers. Unfortunately, reference monitor hooks are currently placed manually in operating system and user-space server code. This approach is tedious, does not scale, and as prior work has shown in the context of LSM, is error-prone. Our research is on techniques to largely automate authorization hook placement. We have devised a technique to do so, and have tested its effectiveness by applying it to determine hook placement for the Linux kernel, and cross-validating it with LSM hook placement. Our initial results are encouraging, and we have extended our technique to work with user-space servers. In particular, we have applied the technique to determine authorization hook placement for the X11 server.