V3SPA: A visual analysis, exploration, and diffing tool for SELinux and SEAndroid security policies

摘要

SELinux policies have enormous potential to enforce granular security requirements, but the size and complexity of SELinux security policies make them challenging for security policy administrators to determine whether the implemented policy meets an organization's security requirements. To address the challenges in developing and maintaining SELinux security policies, this paper presents V3SPA (Verification, Validation and Visualization of Security Policy Abstractions). V3SPA is a tool that can import SELinux and Security Enhancements (SE) for Android source or binary policies and visualize them using two views: A policy explorer, and a policy differ. The policy explorer supports users in exploring a policy and understanding the relationships defined by the policy. The diffing view is designed to support differential policy analysis, showing the changes between two versions of a policy. The main contributions of this paper are 1) the design of the policy explorer, and the design and novel usecase for the policy differ, 2) a report on system design considerations to enable the graph visualizations to scale up to visualizing policies with tens of thousands of nodes and edges, and 3) a survey of five SELinux and SE for Android policy developers and analysts. The results of the survey indicate a need for tools such as V3SPA to help policy workers understand the big picture of large, complex security policies.