TY - GEN
T1 - Towards system integrity protection with graph-based policy analysis
AU - Xu, Wenjuan
AU - Zhang, Xinwen
AU - Ahn, Gail-Joon
PY - 2009
Y1 - 2009
N2 - Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.
AB - Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.
UR - http://www.scopus.com/inward/record.url?scp=70350379176&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350379176&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-03007-9_5
DO - 10.1007/978-3-642-03007-9_5
M3 - Conference contribution
AN - SCOPUS:70350379176
SN - 3642030068
SN - 9783642030062
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 65
EP - 80
BT - Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings
T2 - 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Y2 - 12 July 2009 through 15 July 2009
ER -