Systematic policy analysis for high-assurance services in SELinux

Gail Joon Ahn; Wenjuan Xu; Xinwen Zhang

doi:10.1109/POLICY.2008.18

Systematic policy analysis for high-assurance services in SELinux

Gail Joon Ahn, Wenjuan Xu, Xinwen Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

17 Scopus citations

Abstract

Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

Original language	English (US)
Title of host publication	Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
Pages	3-10
Number of pages	8
DOIs	https://doi.org/10.1109/POLICY.2008.18
State	Published - 2008
Externally published	Yes
Event	9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008 - Palisades, NY, United States Duration: Jun 2 2008 → Jun 4 2008

Publication series

Name	Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008

Other

Other	9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
Country/Territory	United States
City	Palisades, NY
Period	6/2/08 → 6/4/08

ASJC Scopus subject areas

Computer Networks and Communications
Control and Systems Engineering

Access to Document

10.1109/POLICY.2008.18

Cite this

Systematic policy analysis for high-assurance services in SELinux. / Ahn, Gail Joon; Xu, Wenjuan; Zhang, Xinwen.

Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. p. 3-10 4556572 (Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ahn, GJ, Xu, W & Zhang, X 2008, Systematic policy analysis for high-assurance services in SELinux. in Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008., 4556572, Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008, pp. 3-10, 9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008, Palisades, NY, United States, 6/2/08. https://doi.org/10.1109/POLICY.2008.18

@inproceedings{7e8847bb9b2e484f834eeb1743def69f,

title = "Systematic policy analysis for high-assurance services in SELinux",

abstract = "Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.",

author = "Ahn, {Gail Joon} and Wenjuan Xu and Xinwen Zhang",

note = "Copyright: Copyright 2011 Elsevier B.V., All rights reserved.; 9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008 ; Conference date: 02-06-2008 Through 04-06-2008",

year = "2008",

doi = "10.1109/POLICY.2008.18",

language = "English (US)",

isbn = "9780769531335",

series = "Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008",

pages = "3--10",

booktitle = "Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008",

}

TY - GEN

T1 - Systematic policy analysis for high-assurance services in SELinux

AU - Ahn, Gail Joon

AU - Xu, Wenjuan

AU - Zhang, Xinwen

PY - 2008

Y1 - 2008

N2 - Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

AB - Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

UR - http://www.scopus.com/inward/record.url?scp=51849128388&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51849128388&partnerID=8YFLogxK

U2 - 10.1109/POLICY.2008.18

DO - 10.1109/POLICY.2008.18

M3 - Conference contribution

AN - SCOPUS:51849128388

SN - 9780769531335

T3 - Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008

SP - 3

EP - 10

BT - Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008

T2 - 9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008

Y2 - 2 June 2008 through 4 June 2008

ER -

Systematic policy analysis for high-assurance services in SELinux

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this