Security Goals: Packet Trajectories and Strand Spaces
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design: Tutorial Lectures
Authentication and Confidentiality via IPSEC
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
What is Intransitive Noninterference?
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Automatic placement of authorization hooks in the linux security modules framework
Proceedings of the 12th ACM conference on Computer and communications security
NETRA: seeing through access control
Proceedings of the fourth ACM workshop on Formal methods in security
A logical specification and analysis for SELinux MLS policy
Proceedings of the 12th ACM symposium on Access control models and technologies
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Verifying compliance of trusted programs
SS'08 Proceedings of the 17th conference on Security symposium
Simplifying security policy descriptions for internet servers in secure operating systems
Proceedings of the 2009 ACM symposium on Applied Computing
Remote Attestation of Attribute Updates and Information Flows in a UCON System
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Analysis of virtual machine system policies
Proceedings of the 14th ACM symposium on Access control models and technologies
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Verifying Information Flow Control over Unbounded Processes
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Model-Driven Configuration of SELinux Policies
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Vulnerability analysis in VGBPS using Prolog
FSEN'07 Proceedings of the 2007 international conference on Fundamentals of software engineering
A logical specification and analysis for SELinux MLS policy
ACM Transactions on Information and System Security (TISSEC)
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
Analysis of privacy and security policies
IBM Journal of Research and Development
SEEdit: SELinux security policy configuration system with higher level language
LISA'09 Proceedings of the 23rd conference on Large installation system administration
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Automated discovery of mimicry attacks
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
SEC'13 Proceedings of the 22nd USENIX conference on Security
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
In this paper, we present a systematic way to determine the information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux. A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an SELinux configuration, provides our framework. Information flow security goal statements expressed in linear temporal logic provide a clear description of the objectives that SELinux is intended to achieve. We use model checking to determine whether security goals hold in a given system. These formal models combined with appropriate algorithms have led to automated tools for the verification of security properties in an SELinux system. Our approach has been used in other security management contexts over the past decade, under the name rigorous automated security management.