29.07.2008
Tool Support for Statically Checking Confidentiality of Kernel Code
Benjamin Engel
TU Dresden
Defense of the Diploma Thesis
Showing automatically that a program preserves the confidentiality of the data it
works on improves confidence in it and increases security. We therefore
developed a tool that allows us to prove non-interference of C++ kernel code by
checking its information flow security. We use a flow-sensitive approach to infer
data dependencies for a rich subset of C++. Among the supported features are
function calls, objects, static variables, references and Java-style pointers. This
allows us to automatically analyze a variety of C++ code while only small manual
modifications of the source code are necessary. We use an abstract memory
model to represent the state of the program and show that data flowing between
statements flows solely through this memory model. To show the feasibility of our
approach we analyzed an optimized path of a system call in the Fiasco microkernel,
namely ipc_short_cut(). The detected information flow conforms to the L4
Reference Manual.
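The abstract describes the core mechanism only in outline: an abstract memory that records, for every variable, which inputs its value depends on; a flow-sensitive transfer function that updates that memory statement by statement; and a final non-interference check. The following is an added illustration written for this page, not the thesis tool and not code from the Fiasco project. It works on a constructed toy imperative language (assignments and if-statements, no C++ features), and the variable names, the two sample programs and the secret/public labelling are all constructed. It shows why flow sensitivity matters: a variable that briefly held secret data and is then overwritten with public data does not contaminate the output, whereas an implicit flow through a branch on secret data is still caught.

```python
"""Flow-sensitive dependency inference over a toy imperative language.

Added example for this abstract, not the thesis tool: it shows the idea of
inferring, for every variable in an abstract memory, the set of input
sources its current value depends on, and then checking non-interference by
asking whether any public output depends on a secret source.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Sequence, Tuple

# Abstract memory: variable name -> sources its current value depends on.
Memory = Dict[str, FrozenSet[str]]


@dataclass(frozen=True)
class Assign:
    target: str
    reads: Tuple[str, ...]  # variables read on the right-hand side


@dataclass(frozen=True)
class If:
    reads: Tuple[str, ...]  # variables read by the condition
    then: Tuple             # statements in the taken branch
    orelse: Tuple = ()      # statements in the other branch


def deps_of(mem: Memory, names: Iterable[str]) -> FrozenSet[str]:
    """Union of the dependency sets of the given variables (unknown -> empty)."""
    out: FrozenSet[str] = frozenset()
    for n in names:
        out |= mem.get(n, frozenset())
    return out


def analyze(stmts: Sequence, mem: Memory, pc: FrozenSet[str] = frozenset()) -> Memory:
    """Transfer function: abstract memory after executing `stmts`.

    `pc` holds the sources the current control-flow path depends on, so an
    assignment under a branch on secret data inherits that dependency
    (implicit flow). An assignment *replaces* the target's set, which is
    what makes the analysis flow-sensitive rather than flow-insensitive.
    """
    mem = dict(mem)
    for s in stmts:
        if isinstance(s, Assign):
            mem[s.target] = deps_of(mem, s.reads) | pc
        elif isinstance(s, If):
            branch_pc = pc | deps_of(mem, s.reads)
            m1 = analyze(s.then, mem, branch_pc)
            m2 = analyze(s.orelse, mem, branch_pc)
            # Join point: a variable's value may have come from either path.
            mem = {v: m1.get(v, frozenset()) | m2.get(v, frozenset())
                   for v in set(m1) | set(m2)}
        else:
            raise TypeError(f"unknown statement {s!r}")
    return mem


def noninterference_violations(stmts: Sequence, inputs: Dict[str, str],
                               public_outputs: Iterable[str]) -> Dict[str, FrozenSet[str]]:
    """`inputs` maps each input variable to 'secret' or 'public'.

    Returns the public outputs whose final value depends on a secret input,
    with the offending sources; an empty dict means the program is
    non-interferent for this labelling.
    """
    mem: Memory = {v: frozenset({v}) for v in inputs}
    final = analyze(stmts, mem)
    secrets = frozenset(v for v, lvl in inputs.items() if lvl == "secret")
    return {o: final.get(o, frozenset()) & secrets
            for o in public_outputs
            if final.get(o, frozenset()) & secrets}


# Constructed labelling: a message payload is secret, the sender badge is public.
INPUTS = {"payload": "secret", "badge": "public"}

# Constructed program 1: implicit flow. `ok` is written under a branch on the
# secret, so `reply` depends on `payload` even though it never copies it.
LEAKY = (
    Assign("tmp", ("payload",)),
    If(("tmp",), then=(Assign("ok", ()),), orelse=(Assign("ok", ()),)),
    Assign("reply", ("ok", "badge")),
)

# Constructed program 2: `tmp` holds the secret only transiently and is
# overwritten before it reaches the output. A flow-insensitive analysis
# would still reject this; the flow-sensitive one accepts it.
SAFE = (
    Assign("tmp", ("payload",)),
    Assign("tmp", ("badge",)),
    Assign("reply", ("tmp",)),
)

if __name__ == "__main__":
    print(noninterference_violations(LEAKY, INPUTS, ["reply"]))  # {'reply': frozenset({'payload'})}
    print(noninterference_violations(SAFE, INPUTS, ["reply"]))   # {}
```

The join at the end of an if-statement unions both branches' memories; because every assignment inside a branch already carries the branch condition's sources in `pc`, a variable assigned on only one path still ends up depending on the condition. Real C++ adds aliasing through references and pointers, which is exactly what the abstract memory model in the thesis has to resolve before this kind of per-variable bookkeeping is sound.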