static analysis of a class of memory leaks in trustedbsd mac framework

Xidian Univ, Xidian Univ, Sch Telecommun Engn, Key Lab Comp Networks & Informat Security, Minist EducSecurity labels of subjects and objects are crucial for some security policies and are an essential part of the TrustedBSD MAC framework. We find that security labels not being destroyed properly will result in memory leaks. This paper analyzes the security labels management of the TrustedBSD MAC framework and presents a path-sensitive static analysis approach to detect potential memory leaks caused by the security label management. This approach verifies complete destruction of security labels through compiler-integrated checking rules at compile-time. It achieves complete coverage of execution paths and has low false positive rate