Runtime Verification of Linux Kernel Security Module
This addresses security verification for the Linux kernel, which is critical due to its widespread use, but it is incremental as it builds on existing formal methods and system call tracing.
The authors tackled the problem of verifying the Linux kernel's conformance to a security policy by developing a method based on system call tracing and Event-B specifications, aiming to check that system call executions do not violate security requirements, though no concrete results or numbers are provided as it is a work-in-progress.
The Linux kernel is one of the most important Free/Libre Open Source Software (FLOSS) projects. It is installed on billions of devices all over the world, which process various sensitive, confidential or simply private data. It is crucial to establish and prove its security properties. This work-in-progress paper presents a method to verify the Linux kernel for conformance with an abstract security policy model written in the Event-B specification language. The method is based on system call tracing and aims at checking that the results of system call execution do not lead to accesses that violate security policy requirements. As a basis for it, we use an additional Event-B specification of the Linux system call interface that is formally proved to satisfy all the requirements of the security policy model. In order to perform the conformance checks we use it to reproduce intercepted system calls and verify accesses.