A practical alternative to domain and type enforcement integrity formal models

Authors:
Liuying Tang;Sihan Qing
Affiliations:
Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Science, Beijing, PRC;Engineering Research Center for Information Security Technology, Institute of Software, Chinese Academy of Sciences, Beijing, PRC
Venue:
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Year:
2006

Citing 3
Cited 0

Policy management using access control spaces

ACM Transactions on Information and System Security (TISSEC)
Analyzing integrity protection in the SELinux example policy

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Domain and type enforcement for linux

ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4

Quantified Score

Hi-index	0.00

Visualization

Abstract

Much secure system policy development uses the DTE (Domain and Type Enforcement) model, but the DTE model cannot explicitly provide the security goals of the policy. The invariants of the only based-DTE integrity protection formal model are too complex and make the model impractical. A DTE-Biba integrity formal model is proposed, in which DTE is the underlying component and the Biba integrity is the security goal. The DTE-Biba formal model describes direct Biba control relationships, and ignores the integrity level of objects. The aim is to provide the foundation for supporting effective policy configuration, policy integrity analysis and integrity verification of the DTE secure systems.