Visualization based policy analysis: Case study in SELinux

Wenjuan Xu, Mohamed Shehab, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Scopus citations

Abstract

Determining whether a given policy meets a site's high-level security goals can be difficult, due to the low-level nature and complexity of the policy language, and the multiple policy violation patterns. In this paper, we propose a visualization-based policy analysis framework that enables system administrators to visually query and visualize SELinux security policies and to easily identify the policy violations. We propose and formalize both a semantic substrate and adjacency matrix visualization techniques for policy visualization. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework is targeted towards enabling the average administrator by providing an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that provides the functionalities discussed in our framework.

Original languageEnglish (US)
Title of host publicationSACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages165-174
Number of pages10
DOIs
StatePublished - Dec 15 2008
Externally publishedYes
Event13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States
Duration: Jun 11 2008Jun 13 2008

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
CountryUnited States
CityEstes Park, CO
Period6/11/086/13/08

Keywords

  • Security
  • Verification

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Fingerprint Dive into the research topics of 'Visualization based policy analysis: Case study in SELinux'. Together they form a unique fingerprint.

  • Cite this

    Xu, W., Shehab, M., & Ahn, G. J. (2008). Visualization based policy analysis: Case study in SELinux. In SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (pp. 165-174). [1377863] (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1377836.1377863