DOI: 10.1145/3545948.3545966

LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework

Published: 26 October 2022

Abstract

The capability mechanism in Linux-based systems is designed to split root privileges into a set of finer-grained capabilities, so that programs gain no more privileges than necessary. However, it is challenging to check the necessity and sufficiency of the capabilities assigned to programs because of the highly complicated call chains invoked in practice. Inappropriate capability assignment threatens the system. For example, over-privileged programs could allow an attacker to misuse root privileges, while under-privileged programs may incur runtime errors.
In this paper, we propose a new Linux capability analysis framework called LiCA to find necessary and sufficient capabilities for programs effectively. LiCA performs fine-grained and path-sensitive code flow analysis based on LLVM to construct accurate mappings between system calls and their capabilities. In particular, we solve the constraint equations along each path from a given system call to individual capabilities and strategically overcome the path explosion problem. Our experiments show that LiCA can correctly find the necessary capabilities for Linux utility programs (e.g., ping and tcpdump) and for public programs from GitHub. By comparing the capabilities claimed by program developers with the results from LiCA, we identify a batch of programs requiring more capabilities than necessary, even root privileges. Therefore, LiCA could help third-party developers validate their programs' capability settings against the principle of least privilege.
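The necessity/sufficiency comparison the abstract describes, as an added example that is not LiCA's code or output: it decodes the `CapEff` mask from `/proc/<pid>/status` text and compares it with a required set. The required set for ping and the status excerpts are assumptions constructed for illustration.

```python
import re

# Capability names in bit order, from include/uapi/linux/capability.h.
CAP_NAMES = ["CAP_" + n for n in """
CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID SETPCAP
LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN
SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE
AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND
AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE""".split()]

# Assumption for illustration (not LiCA output): ping only opens a raw socket.
REQUIRED = {"ping": {"CAP_NET_RAW"}}

# Constructed /proc/<pid>/status excerpts, one per assignment scenario.
SAMPLES = {
    "minimal": "Name:\tping\nCapEff:\t0000000000002000\n",
    "excess": "Name:\tping\nCapEff:\t0000000000203000\n",
    "missing": "Name:\tping\nCapEff:\t0000000000000000\n",
}

def decode_caps(mask):
    """Map a capability bitmask to the set of capability names it grants."""
    caps = {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}
    # Bits beyond the table come from a newer kernel; report them by number.
    caps |= {f"CAP_BIT_{b}" for b in range(len(CAP_NAMES), 64) if mask >> b & 1}
    return caps

def effective_caps(status_text):
    """Read the effective capability set from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]{1,16})\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line found")
    return decode_caps(int(m.group(1), 16))

def audit(assigned, required):
    """Return (verdict, excess, missing) for assigned vs. required sets."""
    excess, missing = sorted(assigned - required), sorted(required - assigned)
    if excess and missing:
        verdict = "over- and under-privileged"
    elif excess:
        verdict = "over-privileged"
    elif missing:
        verdict = "under-privileged"
    else:
        verdict = "least privilege"
    return verdict, excess, missing

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, audit(effective_caps(text), REQUIRED["ping"]))
```
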

Cited By

  • (2024) A Lightweight Defense Scheme Against Usermode Helper Privilege Escalation Using Linux Capability. Information Security, pp. 190-208. DOI: 10.1007/978-3-031-75757-0_10. Online publication date: 24-Oct-2024


    Published In

    RAID '22: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses
    October 2022
    536 pages
    ISBN: 9781450397049
    DOI: 10.1145/3545948

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Linux capability
    2. mapping
    3. security analysis

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • Hong Kong S.A.R. Research Grants Council (RGC) General Research Fund
    • National Key Research & Development Project of China

    Conference

    RAID 2022

    Acceptance Rates

    Overall Acceptance Rate 43 of 173 submissions, 25%
