XSM(Xen Security Module)是虚拟机Xen的安全模型框架,对系统的安全性具有决定性的作用.目前,对类似的强制访问框架的正确性验证研究主要集中于对钩子函数放置的验证.现有检测方法通常路径覆盖不够完整,或者有较高的误报率.对XSM框架的正确性验证问题进行分析,提出一种过程间流敏感、过程内路径敏感的,适用于XSM框架的静态分析方法.该方法通过扩展静态分析工具Saturn,实现了对XSM框架的钩子函数设置的正确性和完备性的验证.经实验验证,该方法具有完全的路径覆盖性,并且具有较高的精确度.%XSM is the security module framework of Xen Virtual Machine, it has crucial role on the security of system. Current researches on correctness verification for mandatory access control framework mainly focus on authorisation of hooks placement verification. All the existing methods either don' t cover all paths, or have high false positive rate. In this paper we analyse the correctness verification issue for Xen Security Module framework, and present an inter-procedure flow-sensitive and intra-procedure path-sensitive based static analysis approach for the framework. This approach verifies the accuracy and completeness of hooks placement of the Xen Security Module framework through extending the static analysis tool Saturn. It has been attested by the experiment that this approach achieves full path cover and has quite high accuracy.
展开▼
