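@inproceedings{7c90a15bbb344b88a62cbf7e5b9bf7bc,
title = "Information Flow Query and Verification for Security Policy of {Security-Enhanced} {Linux}",
abstract = "This paper presents a Colored Petri Nets (CPN) approach to analyze the information flow in the policy file of Security-Enhanced Linux (SELinux). The SELinux access control decisions are based on a security policy file that contains several thousands of security rules. It becomes a challenge for policy administrator to determine whether the modification of the security policy file conforms to the pre-specified security goals. To address this issue, this paper proposes a formal information flow model for SELinux security policy file, and presents a simple query language to help administrators to express the expected/unexpected information flow. We developed a method to transform the SELinux policy and security goal into Policy CPN Diagram and Query CPN Diagram. A tool named SEAnalyzer that can automatically verify the SELinux policy has been developed and two application examples of this tool will be presented in the context.",
keywords = "Colored Petri nets, Information flow, Security policy, SELinux",
author = "Chen, {Yi Ming} and Kao, {Yung Wei}",
year = "2006",
doi = "10.1007/11908739_28",
language = "English",
isbn = "3540476997",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "389--404",
booktitle = "Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings",
note = "1st International Workshop on Security, IWSEC 2006 ; Conference date: 23-10-2006 Through 24-10-2006",
}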