Identifying and protecting the trusted computing base (TCB) of a system is an important task, typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. Because policy configurations in contemporary systems are highly complex, an intuitive and cognitive policy analysis mechanism is desired by policy designers or security administrators to support these tasks efficiently. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. By identifying information flows that violate the integrity protection of TCBs, we also propose principles for resolving them using our graph-based policy analysis tool.