ABSTRACT
One of the major steps towards enhancing the security of the Linux operating system was the introduction of Security Enhanced Linux (SELinux) [1], developed by the U.S. National Security Agency. SELinux is a kernel Linux Security Module (LSM) that adds Mandatory Access Control (MAC) to a regular Linux system with Discretionary Access Control (DAC) [2]. SELinux supports Type Enforcement (TE), Role Based Access Control (RBAC), and Multi-Level Security (MLS).
- Security Enhanced Linux, http://www.nsa.gov/research/selinux (03/10/2010).
- SELinux in Ubuntu, https://wiki.ubuntu.com/selinux (03/12/2010).
- D. Zhang, K. Ramamohanarao, and T. Ebringer, "Role engineering using graph optimisation," in SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, (New York, NY, USA), pp. 139–144, ACM, 2007.
- J. Vaidya, V. Atluri, and Q. Guo, "The role mining problem: finding a minimal descriptive set of roles," in SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, (New York, NY, USA), pp. 175–184, ACM, 2007.
- G. Zhai, W. Ma, M. Tian, N. Yang, C. Liu, and H. Yang, "Design and implementation of a tool for analyzing SELinux secure policy," in ICIS '09: Proceedings of the 2nd International Conference on Interaction Sciences, (New York, NY, USA), pp. 446–451, ACM, 2009.
- B. Hicks, S. Rueda, L. St. Clair, T. Jaeger, and P. McDaniel, "A logical specification and analysis for SELinux MLS policy," in SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, (New York, NY, USA), pp. 91–100, ACM, 2007.
- B. Sarna-Starosta and S. D. Stoller, "Policy analysis for Security-Enhanced Linux," in Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS), pp. 1–12, April 2004. Available at http://www.cs.sunysb.edu/~stoller/WITS2004.html.
- T. Jaeger, R. Sailer, and X. Zhang, "Analyzing integrity protection in the SELinux example policy," in SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium, (Berkeley, CA, USA), pp. 5–5, USENIX Association, 2003.
- The MITRE Corporation, "Polgen: Guided automated policy development," http://www.mitre.org/tech/selinux (03/05/2010).
- T. Yokoyama, M. Hanaoka, M. Shimamura, and K. Kono, "Simplifying security policy descriptions for internet servers in secure operating systems," in SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing, (New York, NY, USA), pp. 326–333, ACM, 2009.
- G.-J. Ahn, W. Xu, and X. Zhang, "Systematic policy analysis for high-assurance services in SELinux," in POLICY '08: Proceedings of the 2008 IEEE Workshop on Policies for Distributed Systems and Networks, (Washington, DC, USA), pp. 3–10, IEEE Computer Society, 2008.
Index Terms
- A learning-based approach for SELinux policy optimization with type mining