Systematic policy analysis for high-assurance services in SELinux

Gail-Joon Ahn, Wenjuan Xu, Xinwen Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Citations (Scopus)

Abstract

Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

Original languageEnglish (US)
Title of host publicationProceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
Pages3-10
Number of pages8
DOIs
StatePublished - 2008
Externally publishedYes
Event9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008 - Palisades, NY, United States
Duration: Jun 2 2008Jun 4 2008

Other

Other9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
CountryUnited States
CityPalisades, NY
Period6/2/086/4/08

Fingerprint

Petri nets
Trusted computing

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering

Cite this

Ahn, G-J., Xu, W., & Zhang, X. (2008). Systematic policy analysis for high-assurance services in SELinux. In Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008 (pp. 3-10). [4556572] https://doi.org/10.1109/POLICY.2008.18

Systematic policy analysis for high-assurance services in SELinux. / Ahn, Gail-Joon; Xu, Wenjuan; Zhang, Xinwen.

Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. p. 3-10 4556572.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ahn, G-J, Xu, W & Zhang, X 2008, Systematic policy analysis for high-assurance services in SELinux. in Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008., 4556572, pp. 3-10, 9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008, Palisades, NY, United States, 6/2/08. https://doi.org/10.1109/POLICY.2008.18
Ahn G-J, Xu W, Zhang X. Systematic policy analysis for high-assurance services in SELinux. In Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. p. 3-10. 4556572 https://doi.org/10.1109/POLICY.2008.18
Ahn, Gail-Joon ; Xu, Wenjuan ; Zhang, Xinwen. / Systematic policy analysis for high-assurance services in SELinux. Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. pp. 3-10
@inproceedings{7e8847bb9b2e484f834eeb1743def69f,
title = "Systematic policy analysis for high-assurance services in SELinux",
abstract = "Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.",
author = "Gail-Joon Ahn and Wenjuan Xu and Xinwen Zhang",
year = "2008",
doi = "10.1109/POLICY.2008.18",
language = "English (US)",
isbn = "9780769531335",
pages = "3--10",
booktitle = "Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008",

}

TY - GEN

T1 - Systematic policy analysis for high-assurance services in SELinux

AU - Ahn, Gail-Joon

AU - Xu, Wenjuan

AU - Zhang, Xinwen

PY - 2008

Y1 - 2008

N2 - Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

AB - Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

UR - http://www.scopus.com/inward/record.url?scp=51849128388&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51849128388&partnerID=8YFLogxK

U2 - 10.1109/POLICY.2008.18

DO - 10.1109/POLICY.2008.18

M3 - Conference contribution

AN - SCOPUS:51849128388

SN - 9780769531335

SP - 3

EP - 10

BT - Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008

ER -