SCIATool: A Tool for Analyzing SELinux Policies Based on Access Control Spaces, Information Flows and CPNs

摘要

Although security policies configuration is crucial for operating systems to constrain applications' operations and to protect the confidentiality and integrity of sensitive resources inside the systems, it is an intractable work for security administrators to accomplish correctly and consistently solely by hands. Thus policies analysis methods are becoming research hotspots. A great deal of such researches are focused on SELinux, which is a security-enhanced module of open-source and popular Linux. Among various analysis methods for SELinux policies, those based on access control spaces, information flows and colored Petri-nets (CPNs) can be thought as the three most valuable methods and they can be exploited together and complementarily. In this paper, a prototype of SELinux policies Configuration Integrated Analysis Tool, i.e. SCIATool, is designed and implemented by integrating these three methods together. Test results are provided and further researches as to construct a computer-aided configuration tool for SELinux policies are discussed.