Towards System Integrity Protection with Graph-Based Policy Analysis

Authors:
Wenjuan Xu;Xinwen Zhang;Gail-Joon Ahn
Affiliations:
University of North Carolina at Charlotte,;Samsung Information Systems America,;Arizona State University,
Venue:
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Year:
2009

Citing 12
Cited 1

Information flow analysis of an RBAC system

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Graph Visualization and Navigation in Information Visualization: A Survey

IEEE Transactions on Visualization and Computer Graphics
Lattice-Based Access Control Models

Computer
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
LOMAC: Low Water-Mark Integrity Protection for COTS Environments

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Network Visualization by Semantic Substrates

IEEE Transactions on Visualization and Computer Graphics
Analyzing integrity protection in the SELinux example policy

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Preventing privilege escalation

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Discretionary access control with the administrative role graph model

Proceedings of the 12th ACM symposium on Access control models and technologies
Visualization based policy analysis: case study in SELinux

Proceedings of the 13th ACM symposium on Access control models and technologies
Systematic Policy Analysis for High-Assurance Services in SELinux

POLICY '08 Proceedings of the 2008 IEEE Workshop on Policies for Distributed Systems and Networks

DR@FT: efficient remote attestation framework for dynamic systems

ESORICS'10 Proceedings of the 15th European conference on Research in computer security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.