首页> 外文期刊>ACM transactions on information and system security >A Logical Specification and Analysis for SELinux MLS Policy
【24h】

A Logical Specification and Analysis for SELinux MLS Policy

机译:SELinux MLS策略的逻辑规范和分析

获取原文
获取原文并翻译 | 示例

摘要

The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of the SELinux MLS model makes it impractical to manually evaluate that a given policy meets certain specific properties. To address this issue, we have modeled the SELinux MLS model, using a logical specification and implemented that specification in the Prolog language. Furthermore, we have developed some analyses for testing information flow properties of a given policy as well as an algorithm to determine whether one policy is compliant with another. We have implemented these analyses in Prolog and compiled our implementation into a tool for SELinux MLS policy analysis, called PALMS. Using PALMS, we verified some important properties of the SELinux MLS reference policy, namely that it satisfies the simple security condition and *-property defined by Bell and LaPadula. We also evaluated whether the policy associated to a given application is compliant with the policy of the SELinux system in which it would be deployed.
机译:SELinux强制访问控制(MAC)策略最近添加了一个多级安全性(MLS)模型,该模型能够表达对主题访问权限的精细控制。问题在于SELinux MLS模型的丰富性使得手动评估给定策略满足某些特定属性变得不切实际。为了解决这个问题,我们使用逻辑规范对SELinux MLS模型进行了建模,并以Prolog语言实现了该规范。此外,我们已经开发了一些用于测试给定策略的信息流属性的分析以及确定一种策略是否与另一种策略兼容的算法。我们已经在Prolog中实现了这些分析,并将实现编译为SELinux MLS策略分析工具PALMS。使用PALMS,我们验证了SELinux MLS参考策略的一些重要属性,即它满足Bell和LaPadula定义的简单安全条件和*属性。我们还评估了与给定应用程序关联的策略是否符合将在其中部署SELinux系统的策略。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号