Review of Existing Analysis Tools for SELinux Security Policies: Challenges and a Proposed Solution

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 289)

Abstract

Access control policy management is an increasingly hard problem from both the security and the verification points of view. SELinux is a Linux Security Module (LSM) that implements a mandatory access control mechanism. SELinux integrates user identity, roles, and type security attributes for stating the rules in security policies. As SELinux policies are developed and maintained by security administrators, they often become quite complex, and it is important to analyze them carefully in order to have high assurance of their correctness. There are many existing analysis tools for modeling and analyzing SELinux policies with the goal of answering specific safety and functionality questions. In this paper, we identify and highlight current gaps in these existing tools for SELinux policy analysis, and propose new tools and technologies with the potential to lead to significant improvements. The proposed solution includes adopting a certified access control policy language such as ACCPL (A Certified Access Core Policy Language). ACCPL comes with formal proofs of important properties, and adopting it would facilitate various analyses and proofs of reasonability properties. ACCPL is general, and our goal is to design a certified domain-specific policy language based on it, specialized to our task.


Acknowledgements

Financial support from the Network of Centres of Excellence (MITACS) and Irdeto Canada is gratefully acknowledged.

Author information

Corresponding author: Amir Eaman

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Eaman, A., Sistany, B., Felty, A. (2017). Review of Existing Analysis Tools for SELinux Security Policies: Challenges and a Proposed Solution. In: Aïmeur, E., Ruhi, U., Weiss, M. (eds) E-Technologies: Embracing the Internet of Things. MCETECH 2017. Lecture Notes in Business Information Processing, vol 289. Springer, Cham. https://doi.org/10.1007/978-3-319-59041-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59041-7_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59040-0

  • Online ISBN: 978-3-319-59041-7
