Modeling Security - Enhanced Linux Policy Speci cations for Analysis Myla Archer

نویسندگان

  • Myla Archer
  • Elizabeth Leonard
  • Matteo Pradella
چکیده

Security-Enhanced (SE) Linux is a modiication of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies deened in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the policy compiled from the policy spec-iication. Since the most convenient description of the policy for user understanding is its \source" speciica-tion in the policy language, it is natural for users to expect to be able to analyze the properties of the policy from this source speciication. However, though speci-cations in the SE Linux policy language avoid implementation details, the policy language is very low-level, making the high level properties of a policy diicult to deduce by inspection. For this reason, tools to help users with the analysis are necessary. The goal of the NRL project on analyzing SE Linux security policies is to rst use mechanized support to analyze the spec-iication of an example policy, and then to customize this support for use by practitioners in the open source software community. This paper summarizes how we have modeled an example security policy in the analysis tool TAME, the kinds of analysis we can support, and prototype mechanical support to enable others to model example security policies in TAME. (For an extended version of this paper, see 5].)

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Modeling Security - Enhanced Linux Policy Speci cations for Analysis

Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

متن کامل

Analyzing Security - Enhanced Linux Policy Speci cations

NSA's Security-Enhanced (SE) Linux enhances Linux by providing a speci cation language for security policies and a Flask-like architecture with a security server for enforcing policies de ned in the language. It is natural for users to expect to be able to analyze the properties of a policy from its speci cation in the policy language. But this language is very low level, making the high level ...

متن کامل

NRL Memorandum Report NRL/MR/5540|02-8629 Towards a Methodology and Tool for the Analysis of Security-Enhanced Linux Security Policies

Security-Enhanced (SE) Linux is a version of Linux with additional security features. The initial version of SE Linux was released by NSA in January, 2001. The additional security features are incorporated into Linux by superimposing the Flask architecture on its kernel. This architecture includes a security server that makes decisions as to whether particular subjects (i.e., processes) may be ...

متن کامل

Modeling Security-Enhanced Linux Policy Specifications for Analysis

Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003