Systematic policy analysis for high-assurance services in SELinux

Gail-Joon Ahn; Wenjuan Xu; Xinwen Zhang

doi:10.1109/POLICY.2008.18

Systematic policy analysis for high-assurance services in SELinux

Gail-Joon Ahn, Wenjuan Xu, Xinwen Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

17 Citations (Scopus)

Abstract

Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

Original language	English (US)
Title of host publication	Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
Pages	3-10
Number of pages	8
DOIs	https://doi.org/10.1109/POLICY.2008.18
State	Published - 2008
Externally published	Yes
Event	9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008 - Palisades, NY, United States Duration: Jun 2 2008 → Jun 4 2008

Other

Other	9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
Country	United States
City	Palisades, NY
Period	6/2/08 → 6/4/08

Fingerprint

Petri nets

Trusted computing

ASJC Scopus subject areas

Computer Networks and Communications
Control and Systems Engineering

Cite this

Ahn, G-J., Xu, W., & Zhang, X. (2008). Systematic policy analysis for high-assurance services in SELinux. In Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008 (pp. 3-10). [4556572] https://doi.org/10.1109/POLICY.2008.18

Systematic policy analysis for high-assurance services in SELinux. / Ahn, Gail-Joon; Xu, Wenjuan; Zhang, Xinwen.

Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. p. 3-10 4556572.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ahn, G-J, Xu, W & Zhang, X 2008, Systematic policy analysis for high-assurance services in SELinux. in Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008., 4556572, pp. 3-10, 9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008, Palisades, NY, United States, 6/2/08. https://doi.org/10.1109/POLICY.2008.18

Ahn G-J, Xu W, Zhang X. Systematic policy analysis for high-assurance services in SELinux. In Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. p. 3-10. 4556572 https://doi.org/10.1109/POLICY.2008.18

Ahn, Gail-Joon ; Xu, Wenjuan ; Zhang, Xinwen. / Systematic policy analysis for high-assurance services in SELinux. Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008. 2008. pp. 3-10

@inproceedings{7e8847bb9b2e484f834eeb1743def69f,

title = "Systematic policy analysis for high-assurance services in SELinux",

abstract = "Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.",

author = "Gail-Joon Ahn and Wenjuan Xu and Xinwen Zhang",

year = "2008",

doi = "10.1109/POLICY.2008.18",

language = "English (US)",

isbn = "9780769531335",

pages = "3--10",

booktitle = "Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008",

}

TY - GEN

T1 - Systematic policy analysis for high-assurance services in SELinux

AU - Ahn, Gail-Joon

AU - Xu, Wenjuan

AU - Zhang, Xinwen

PY - 2008

Y1 - 2008

N2 - Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

AB - Identifying and protecting the trusted computing base (TCB) of a system is an important task to provide high-assurance services since a set of trusted subjects should be legitimately articulated for target applications. In this paper, we present a formal policy analysis framework to identify TCB with the consideration of specific security goals. We also attempt to model information flows between domains in SELinux policies and detect security violations among information flows using Colored Petri Nets.

UR - http://www.scopus.com/inward/record.url?scp=51849128388&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51849128388&partnerID=8YFLogxK

U2 - 10.1109/POLICY.2008.18

DO - 10.1109/POLICY.2008.18

M3 - Conference contribution

AN - SCOPUS:51849128388

SN - 9780769531335

SP - 3

EP - 10

BT - Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008

ER -

Access to Document

10.1109/POLICY.2008.18