Modular Construction of DTE Policies
This paper describes a tool which composes a policy for a fine-grained mandatory access control system (DTE) from a set of mostly independent policy modules. For a large system with many services, a DTE policy becomes unwieldy. However, many system services and security extensions can be considered to be largely standalone. By providing for explicit grouping, namespaces, and globbing by namespaces, inter-module access rules can be made generic enough to permit modules to be mixed and matched as needed. As a result, it becomes easier to extend a policy, debug a policy, and to distribute meaningful policy modules with new software.
BibTeX
@inproceedings {269665,
author = {Serge E. Hallyn and Phil Kearns},
title = {Modular Construction of {DTE} Policies},
booktitle = {2004 USENIX Annual Technical Conference (USENIX ATC 04)},
year = {2004},
address = {Boston, MA},
url = {https://www.usenix.org/conference/2004-usenix-annual-technical-conference/modular-construction-dte-policies},
publisher = {USENIX Association},
month = jun
}