Information flow query and verification for security policy of security-enhanced linux

Yi Ming Chen, Yung Wei Kao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Citations (Scopus)

Abstract

This paper presents a Colored Petri Nets (CPN) approach to analyze the information flow in the policy file of Security-Enhanced Linux (SELinux). The SELinux access control decisions are based on a security policy file that contains several thousand security rules. It becomes a challenge for a policy administrator to determine whether a modification of the security policy file conforms to the pre-specified security goals. To address this issue, this paper proposes a formal information flow model for the SELinux security policy file, and presents a simple query language to help administrators express the expected/unexpected information flow. We developed a method to transform the SELinux policy and security goal into a Policy CPN Diagram and a Query CPN Diagram. A tool named SEAnalyzer that can automatically verify the SELinux policy has been developed, and two application examples of this tool will be presented in the context.

Original language: English
Title of host publication: Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings
Publisher: Springer Verlag
Pages: 389-404
Number of pages: 16
ISBN (Print): 3540476997, 9783540476993
Publication status: Published - 2006
Event: 1st International Workshop on Security, IWSEC 2006 - Kyoto, Japan
Duration: 23 Oct 2006 - 24 Oct 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4266 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 1st International Workshop on Security, IWSEC 2006
Country/Territory: Japan
City: Kyoto
Period: 23/10/06 - 24/10/06