Analyzing Integrity Protection in the SELinux Example Policy

Abstract: 

In this paper, we present an approach for analyzing the integrity protection in the SELinux example policy. The SELinux example policy is intended as an example that administrators customize to create a policy for their site's security goals, but the complexity of the model and the size of the policy make this customization difficult. Our aim is to provide an access control model to express site security goals and resolve them against the SELinux policy. Ultimately, we aim to define a minimal trusted computing base (TCB) that satisfies Clark-Wilson integrity, by first testing for the more restrictive Biba integrity policy and resolving conflicts using Clark-Wilson semantics. Our policy analysis tool, Gokyo, implements the following approach: (1) it represents the SELinux example policy and our integrity goals; (2) it identifies conflicts between them; (3) it estimates the resolutions to these conflicts; and (4) it provides information for deciding upon a resolution. Using Gokyo, we derive a proposal for a minimal TCB for SELinux that includes 30 subject types, and we identify the work remaining to ensure that the TCB is integrity-protected. Our analysis is performed on the SELinux example policy for Linux 2.4.19.

Trent Jaeger, IBM T.J. Watson Research Center

Reiner Sailer, IBM T.J. Watson Research Center

Xiaolan Zhang, IBM T.J. Watson Research Center

BibTeX
@inproceedings {270172,
author = {Trent Jaeger and Reiner Sailer and Xiaolan Zhang},
title = {Analyzing Integrity Protection in the {SELinux} Example Policy},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/analyzing-integrity-protection-selinux-example-policy},
publisher = {USENIX Association},
month = aug,
}
Links

Paper: 
http://www.usenix.org/events/sec03/tech/full_papers/jaeger/jaeger.pdf
Paper (HTML): 
http://www.usenix.org/events/sec03/tech/full_papers/jaeger/jaeger_html/index.html