Policy Analysis for Security-Enhanced Linux
نویسندگان
چکیده
Security-Enhanced Linux (SELinux) extends Linux with a flexible mandatory access control mechanism that enforces security policies expressed in SELinux’s policy language. Determining whether a given policy meets a site’s high-level security goals can be difficult, due to the low-level nature of the policy language and the size and complexity of SELinux policies. We propose a logic-programming-based approach to analysis of SELinux policies. The approach is implemented in a tool that helps users determine whether a policy meets its goals.
منابع مشابه
NRL Memorandum Report NRL/MR/5540|02-8629 Towards a Methodology and Tool for the Analysis of Security-Enhanced Linux Security Policies
Security-Enhanced (SE) Linux is a version of Linux with additional security features. The initial version of SE Linux was released by NSA in January, 2001. The additional security features are incorporated into Linux by superimposing the Flask architecture on its kernel. This architecture includes a security server that makes decisions as to whether particular subjects (i.e., processes) may be ...
متن کاملModeling Security - Enhanced Linux Policy Speci cations for Analysis Myla Archer
Security-Enhanced (SE) Linux is a modiication of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies deened in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...
متن کاملModeling Security - Enhanced Linux Policy Speci cations for Analysis
Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...
متن کاملModeling Security-Enhanced Linux Policy Specifications for Analysis
Security-Enhanced (SE) Linux is a modi cation of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server for enforcing policies de ned in the language. To determine whether user requests to the operating system should be granted, the security server refers to an internal form of the poli...
متن کاملTowards a Methodology and Tool for the Analysisof Security - Enhanced Linux Security Policies
Security-Enhanced (SE) Linux is a version of Linux with additional security features. The initial version of SE Linux was released by NSA in January, 2001. The additional security features are incorporated into Linux by superimposing the Flask architecture on its kernel. This architecture includes a security server that makes decisions as to whether particular subjects (i.e., processes) may be ...
متن کامل