Protection in operating systems
Communications of the ACM
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Managing access control policies using access control spaces
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Thirty Years Later: Lessons from the Multics Security Evaluation
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Providing policy control over object operations in a mach based system
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Resolving constraint conflicts
Proceedings of the ninth ACM symposium on Access control models and technologies
Towards a formal model for security policies specification and validation in the selinux system
Proceedings of the ninth ACM symposium on Access control models and technologies
Automatic placement of authorization hooks in the linux security modules framework
Proceedings of the 12th ACM conference on Computer and communications security
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Modular construction of DTE policies
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Managing the risk of covert information flows in virtual machine systems
Proceedings of the 12th ACM symposium on Access control models and technologies
A layered approach to simplified access control in virtualized systems
ACM SIGOPS Operating Systems Review
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Daonity - Grid security from two levels of virtualization
Information Security Tech. Report
Security policy analysis using deductive spreadsheets
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
A cryptographic access control architecture secure against privileged attackers
Proceedings of the 2007 ACM workshop on Computer security architecture
Xcellog: A deductive spreadsheet system
The Knowledge Engineering Review
Application-level isolation and recovery with solitude
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
Reusability of Functionality-Based Application Confinement Policy Abstractions
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Trojan horse resistant discretionary access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Towards System Integrity Protection with Graph-Based Policy Analysis
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
PolicyGlobe: a framework for integrating network and operating system security policies
Proceedings of the 2nd ACM workshop on Assurable and usable security configuration
Application containers without virtual machines
Proceedings of the 1st ACM workshop on Virtual machine security
Design and implementation of a tool for analyzing SELinux secure policy
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
Model-Driven Configuration of SELinux Policies
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
A learning-based approach for SELinux policy optimization with type mining
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Protecting confidential data on personal computers with storage capsules
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
DR@FT: efficient remote attestation framework for dynamic systems
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Towards practical avoidance of information leakage in enterprise networks
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
A practical alternative to domain and type enforcement integrity formal models
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Deductive spreadsheets using tabled logic programming
ICLP'06 Proceedings of the 22nd international conference on Logic Programming
Information flow query and verification for security policy of security-enhanced linux
IWSEC'06 Proceedings of the 1st international conference on Security
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Situation-based policy enforcement
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Improving Mandatory Access Control for HPC clusters
Future Generation Computer Systems
Integrity walls: finding attack surfaces from mandatory access control policies
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Using security policies to automate placement of network intrusion prevention
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Process firewalls: protecting processes during resource access
Proceedings of the 8th ACM European Conference on Computer Systems
| Hi-index | 0.00 |
In this paper, we present an approach for analyzing the integrity protection in the SELinux example policy. The SELinux example policy is intended as an example from which administrators customize to create a policy for their site's security goals, but the complexity of the model and size of the policy make this quite complex. Our aim is to provide an access control model to express site security goals and resolve them against the SELinux policy. Ultimately, we aim to define a minimal trusted computing base (TCB) that satisfies Clark-Wilson integrity, by first testing for the more restrictive Biba integrity policy and resolving conflicts using Clark-Wilson semantics. Our policy analysis tool, Gokyo, implements the following approach: (1) it represents the SELinux example policy and our integrity goals; (2) it identifies conflicts between them; (3) it estimates the resolutions to these conflicts; and (4) provides information for deciding upon a resolution. Using Gokyo, we derive a proposal for a minimal TCB for SELinux includes 30 subject types, and we identify the work remaining to ensure that TCB is integrity-protected. Our analysis is performed on the SELinux example policy for Linux 2.4.19.