Owner: Daniel H. Jones
danjones@us.ibm.com
version 0.1
This analysis shall show that SUSE LINUX Enterprise Server operates in accordance with the high level design. The method used is to show with some selected examples that the system calls the internal interfaces as expected from the description in the high level design. In addition, all the test cases are mapped to the subsystems of the high level design where the security function tested is implemented.
The analysis is based on three parts:
In the EAL4 functional specification spreadsheet, each test is mapped to the subsystem of the high level design that implements the function. The mapping shows that all subsystems of the high level design are involved in the testing.
The output produced by gcov during execution of a selective set of tests demonstrates coverage of the subsystems identified in the high level design.
A select set of tests from the Linux Test Project (LTP) suite was utilized for coverage analysis. These tests are: bind01, execve01, ioctl01, kill01, msgctl01, open01, read01, semctl01, and shmctl01. The tests are located in the misc_test/gcov/tests directory of the EAL4 test suite. These basic tests are wrapped in scripts that perform all the necessary pre- and post-test processing. The wrapper scripts are named using the convention gcov_<testname>, where <testname> represents the system call(s) invoked by the test. The LTP gcov extension (lcov) was used to capture coverage information about each specific test and to format the output into html files for simplified viewing and navigation.
Prior to each test, coverage counters are cleared using the lcov “-z” option so that, as much as possible, the output reflects the coverage provided by the test in execution. Any background activity on the system will also contribute to the information captured by gcov. After execution of each test, the counter information was captured to a file. The lcov genhtml utility was then invoked to process the output information into html documents.
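The per-subsystem coverage described above can be checked directly against the counter file that lcov captures after each test. The following is an added example, not part of the original analysis or the EAL4 test suite: it parses lcov tracefile records (SF:, DA:, end_of_record) and totals executed lines per top-level kernel source directory. Treating that directory as the subsystem, the source root /usr/src/linux, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in lcov tracefile (.info) format. Paths and counts are
# illustrative only; they are not taken from the evaluation archive.
SAMPLE = """\
TN:gcov_open01
SF:/usr/src/linux/fs/open.c
DA:10,4
DA:11,0
end_of_record
SF:/usr/src/linux/fs/namei.c
DA:100,2
DA:101,0
end_of_record
SF:/usr/src/linux/ipc/msg.c
DA:20,0
DA:21,0
end_of_record
SF:/usr/src/linux/fs/open.c
DA:11,3
end_of_record
"""

def subsystem_coverage(tracefile_text, source_root):
    """Return {subsystem: (lines_hit, lines_instrumented)} from DA records."""
    root = source_root.rstrip("/") + "/"
    hit = {}                      # (path, line number) -> executed at least once
    path = None
    for raw in tracefile_text.splitlines():
        rec = raw.strip()
        if rec.startswith("SF:"):
            path = rec[3:]
        elif rec == "end_of_record":
            path = None
        elif rec.startswith("DA:") and path is not None:
            lineno, count = rec[3:].split(",")[:2]   # DA:<line>,<count>[,<checksum>]
            key = (path, int(lineno))                # a repeated file counts each line once
            hit[key] = hit.get(key, False) or int(count) > 0
    totals = defaultdict(lambda: [0, 0])
    for (path, _), executed in hit.items():
        rel = path[len(root):] if path.startswith(root) else path.lstrip("/")
        name = rel.split("/", 1)[0]   # assumption: top-level directory = subsystem
        totals[name][0] += executed
        totals[name][1] += 1
    return {name: tuple(t) for name, t in totals.items()}

def untouched(coverage):
    """Subsystems that were instrumented but had no line executed."""
    return sorted(name for name, (lines_hit, _) in coverage.items() if lines_hit == 0)
```

A subsystem returned by untouched() was instrumented but never executed during the captured session, which is the gap the mapping of tests to subsystems is meant to rule out.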
For some security critical functions we show in the source code how the internal functions mentioned in the high level design are invoked. This is done using the html output produced by the gcov tool and augmenting this with some comments highlighting the kernel internal flow.
The tool used to provide this analysis is gcov, a profiling tool showing for each line of a selected part of the source how often it has been executed. The following text, taken from the gcov(1) man page, provides a short description of the functionality of gcov:
gcov is a test coverage program. Use it in concert with GCC to analyze your programs to help create more efficient, faster running code. You can use gcov as a profiling tool to help discover where your optimization efforts will best affect your code. You can also use gcov along with the other profiling tool, gprof, to assess which parts of your code use the greatest amount of computing time.
Profiling tools help you analyze your code's performance. Using a profiler such as gcov or gprof, you can find out some basic performance statistics, such as:
* how often each line of code executes
* what lines of code are actually executed
* how much computing time each section of code uses
Once you know these things about how your code works when compiled, you can look at each module to see which modules should be optimized. gcov helps you determine where to work on optimization.
The purpose of this analysis is to show with those examples that the security functions of SUSE LINUX Enterprise Server 9 used in those examples work in accordance with the description in the high level design. The scope of the analysis has been restricted to the kernel, since this is the most complex part of the system and most of the security functions are implemented in the kernel.
The resulting output from each test may be analyzed by extracting files from the documents/EAL4/xSeries.gcov.tar.gz archive to a suitable location. From this location, extract the files contained in Gcov/gcov.tar.gz. Using a browser, open Gcov/<testname>/index.html. The kernel source tree may be navigated using the directory and filename links created by lcov. When a file is selected, the source code for the file is displayed and each line of source that has been executed is highlighted. The source line is prefaced with a count that represents the number of times the line was executed during the session.