Awards

Laurent Georget, Mathieu Jaume (LIP6), Guillaume Piolle, Frédéric Tronel and Valérie Viet Triem Tong received the best paper award at the SEFM'17 conference , which is a well established conference focused on the link between software development and formal methods. This publication is based on the work realized by Laurent Georget during his PhD. It focuses on the automated verification of the correctness of an information flow monitor that operates at the kernel level (Linux kernel). This information flow monitor relies on the Linux Security Module (LSM hereafter) framework. This framework has been designed for mandatory access control. This work tries to answer the question of its correctness when used for information flow monitoring. The verification is operated by a GCC plugin during the compilation phase of a full Linux kernel. Based on an ad-hoc static analysis, it can determine if the LSM hooks are correctly placed with respect to a property of complete mediation of systems calls. Each system call that is known to generate an information flow during its execution (34 system calls on a grand total of 340) is analyzed to determine if the LSM framework through the hooks it provides can intercept each execution that potentially generates an information flow. We have demonstrated that for 4 system calls, the hooks are not well placed, and discovered that 4 systems calls are simply lacking LSM hooks. A patch has been produced to improve this situation.

Best Paper Award: