Zhouyi Zhou
Email: <zhouzhouyi AT FreeBSD DOT org>
...
Hi everyone, I am a newcomer. My job in SOC 2007 is writing a test suite for the Security Subsystem of FreeBSD/TrustedBSD. I am also interested in GCC and GDB besides FreeBSD.
- The main objective of this stage is to test the correctness of the FreeBSD Mandatory Access Control Framework, including correct passing of the security label from userland to the kernel and non-bypassability of the Mandatory Access Control hooks.
Work performed:
- Used mygcc to perform static analysis of the MAC Framework (the Condate language file: ex5.chk). Dr. Xinsong Wu has taken significant responsibility for coding and result analysis; Robert Watson helps revise the paper.
- Constructed a pair of pseudo Ethernet drivers used for testing network-related hooks. To keep packets from going through the lo interface, the IP address in the packet is twisted in the driver.
- Constructed a framework for logging the Mandatory Access Control hooks that are called during a period of time.
- In the kernel, every non-null label is externalized into a human-readable string and recorded in a tail queue, together with the name of the hook that was called and any flags or modes (e.g. VREAD/VWRITE for the mac_check_vnode_open hook). A thread, much like the audit subsystem's audit_worker, writes the queue to a userspace file. The userland program uses open, ioctl and close on the /dev/mactest node to trigger and stop the logging. The log file is truncated to zero every time the logging mechanism is triggered.
- In userland, a bison-based parsing tool parses the log file and reconstructs the record chain, which is compared with a configuration file supplied by the test suite to check whether the expected hooks were called and whether the labels/flags/modes are correct.
- The test suite mainly follows src/tools/regression/fstest, modified to test the Mandatory Access Control Framework and to include tests for signals.
- Test cases for the Mandatory Access Control hooks for fifo, link, mdconfig, netinet, open, pipe, rename, rmdir, signal, symlink, sysvshm and truncate were generated. Two security vulnerabilities were found while writing the test cases.
- Used the constraint solver STP [people.csail.mit.edu/vganesh/stp.html] to help generate the MAC labels used as parameters.
The source code of the project can be found in MAC Test's Perforce repository.
Met with the PCBSD guys at AsiaBSDCon 2008 (trip sponsored by Google):
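The userland comparison step described above (checking the logged hook records against the expected hooks, labels and flags), as an added example that is not code from the MAC Test repository. The line format, the `mac_record` struct, `check_chain`, the in-order matching rule and the sample labels are assumptions made for illustration; the project's tool uses a bison grammar and its own log format.

```c
#include <stdio.h>
#include <string.h>

/* One logged hook call. Assumed line format (not the project's own):
 * "<hook> <externalized-label> <flags-or-modes>", "-" meaning no flags. */
struct mac_record { char hook[64], label[64], flags[32]; };

/* Constructed sample log and expectations, for illustration only. */
static const char SAMPLE_LOG[] =
    "mac_check_vnode_lookup biba/high -\n"
    "mac_check_vnode_open biba/high VREAD\n";
static const struct mac_record EXPECT_READ[] = {
    { "mac_check_vnode_open", "biba/high", "VREAD" } };
static const struct mac_record EXPECT_WRITE[] = {
    { "mac_check_vnode_open", "biba/high", "VWRITE" } };

/* Match the expected records, in order, against the log. Unrelated hooks may
 * fire in between; an expected hook only counts when label and flags agree.
 * Returns how many expected records matched (nexp means pass), or -1 when a
 * log line is malformed or too long. */
int check_chain(const char *log, const struct mac_record *exp, size_t nexp)
{
    size_t matched = 0;
    char line[192];

    while (*log != '\0') {
        struct mac_record rec;
        size_t len = strcspn(log, "\n");
        if (len >= sizeof(line))
            return -1;
        memcpy(line, log, len);
        line[len] = '\0';
        log += len + (log[len] == '\n');
        if (len == 0)
            continue;                       /* skip empty lines */
        if (sscanf(line, "%63s %63s %31s", rec.hook, rec.label, rec.flags) != 3)
            return -1;
        if (matched < nexp && strcmp(rec.hook, exp[matched].hook) == 0 &&
            strcmp(rec.label, exp[matched].label) == 0 &&
            strcmp(rec.flags, exp[matched].flags) == 0)
            matched++;
    }
    return (int)matched;
}

int main(void)
{
    printf("read: %d\n", check_chain(SAMPLE_LOG, EXPECT_READ, 1));
    return 0;
}
```

A result lower than the number of expected records means a hook was not called, or was called with a different label or mode than the test expected.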