Automatic Security Testing Of Linux System Calls

With the development of information technology, information systems are applied extensively and intensively in various fileds of social life, so information security becomes indispensable in the research of information technology, and demonstrates its importance increasingly. The security of operating system is the foundation of information system's security. Moreover, system calls are the only interface between the user space and the kernel space, so their security is the premise to the security of operating system. It is the key to ensure operating system to be secure and reliable that how to test the security of a large amount of system calls fully and efficiently.Automatic testing technologies of software can shorten the cycle of software, save manpower resources, strengthen the stability and reliability of testing, and increase the trust of software and so on. Based on Linux operating system, the feasibility of automatic testing of Linux system calls' security is discussed and the solution of automatic security testing of Linux system calls is given in this paper by analyzing the mechanism of Linux system call and the mechanism of security in kernel. In view of the huge number of Linux system calls, the security of system calls and the choosing principle of security testing sequence are discussed preliminarily based on which the testing sequence of some system calls is given and applied in testing. A prototype system for automatic security testing of system calls is designed and implemented based on Fedora 9 and Linux kernel 2.6.25-14.fc9.i686. The prototype is made up of control module, objects setup module, standard test module, special test module and test configuration database. Control module is used to control test process. Standard test module and special test module are used for testing the different aspects of system calls. Except the definition of some common global variables, the rest of the test preparation works such as setting up test environment and creating objects are finished by test configuration database and objects setup module together. Then the test cases of creat, access, chmod, chown, mkdir, etc, together with the test results are discussed and analyzed preliminarily.Finally, the research work in this paper is summarized, as well as further research directions are pointed.