TY - GEN
T1 - Visualization based policy analysis
T2 - 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
AU - Xu, Wenjuan
AU - Shehab, Mohamed
AU - Ahn, Gail Joon
N1 - Copyright:
Copyright 2008 Elsevier B.V., All rights reserved.
PY - 2008
Y1 - 2008
N2 - Determining whether a given policy meets a site's high-level security goals can be difficult, due to the low-level nature and complexity of the policy language, and the multiple policy violation patterns. In this paper, we propose a visualization-based policy analysis framework that enables system administrators to visually query and visualize SELinux security policies and to easily identify the policy violations. We propose and formalize both a semantic substrate and adjacency matrix visualization techniques for policy visualization. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework is targeted towards enabling the average administrator by providing an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that provides the functionalities discussed in our framework.
AB - Determining whether a given policy meets a site's high-level security goals can be difficult, due to the low-level nature and complexity of the policy language, and the multiple policy violation patterns. In this paper, we propose a visualization-based policy analysis framework that enables system administrators to visually query and visualize SELinux security policies and to easily identify the policy violations. We propose and formalize both a semantic substrate and adjacency matrix visualization techniques for policy visualization. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework is targeted towards enabling the average administrator by providing an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that provides the functionalities discussed in our framework.
KW - Security
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=57349092163&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=57349092163&partnerID=8YFLogxK
U2 - 10.1145/1377836.1377863
DO - 10.1145/1377836.1377863
M3 - Conference contribution
AN - SCOPUS:57349092163
SN - 9781605581293
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 165
EP - 174
BT - SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Y2 - 11 June 2008 through 13 June 2008
ER -