Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A learning-based approach for SELinux policy optimization with type mining
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
| Hi-index | 0.01 |
SELinux can enforce a policy based on mandatory access control (MAC) for Linux so as to fulfill the security requirements of more strict access control for those hierarchical and classified management organizations or situations. But security policy configuration is a hard and intractable task for SELinux due to its recondite policy description language and huge number of complicated security policies. Thereafter, it is rather significant to build a powerful assistant tool to help security managers to perform security policy configurations. And the key problem is to analyze configured security policies automatically or semi-automatically so that as many configuration loopholes as possible can be detected and then be eliminated. In this paper, both security models and policy description language supported by SELinux are summarized at first. While methods for analyzing security policies are discussed in details secondly. Then a prototype for a tool to analyze security policies automatically is designed, implemented and tested as well as some preliminary test results are given. Finally, the research work in this paper is summed up and some further research directions are pointed out.