Visualization-based policy analysis for SELinux: Framework and user study

Wenjuan Xu; Mohamed Shehab; Gail-Joon Ahn

doi:10.1007/s10207-012-0180-7

Visualization-based policy analysis for SELinux: Framework and user study

Wenjuan Xu, Mohamed Shehab, Gail-Joon Ahn

Research output: Contribution to journal › Article › peer-review

9 Scopus citations

Abstract

In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.

Original language	English (US)
Pages (from-to)	155-171
Number of pages	17
Journal	International Journal of Information Security
Volume	12
Issue number	3
DOIs	https://doi.org/10.1007/s10207-012-0180-7
State	Published - Jun 2013

Keywords

Policy analysis
SELinux
Visualization-based

ASJC Scopus subject areas

Software
Information Systems
Safety, Risk, Reliability and Quality
Computer Networks and Communications

Access to Document

10.1007/s10207-012-0180-7

Cite this

@article{9b09c4472e2744839b1b67ca99ba48d3,

title = "Visualization-based policy analysis for SELinux: Framework and user study",

abstract = "In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.",

keywords = "Policy analysis, SELinux, Visualization-based",

author = "Wenjuan Xu and Mohamed Shehab and Gail-Joon Ahn",

year = "2013",

month = jun,

doi = "10.1007/s10207-012-0180-7",

language = "English (US)",

volume = "12",

pages = "155--171",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer Verlag",

number = "3",

}

TY - JOUR

T1 - Visualization-based policy analysis for SELinux

T2 - Framework and user study

AU - Xu, Wenjuan

AU - Shehab, Mohamed

AU - Ahn, Gail-Joon

PY - 2013/6

Y1 - 2013/6

N2 - In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.

AB - In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.

KW - Policy analysis

KW - SELinux

KW - Visualization-based

UR - http://www.scopus.com/inward/record.url?scp=84877602217&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84877602217&partnerID=8YFLogxK

U2 - 10.1007/s10207-012-0180-7

DO - 10.1007/s10207-012-0180-7

M3 - Article

AN - SCOPUS:84877602217

SN - 1615-5262

VL - 12

SP - 155

EP - 171

JO - International Journal of Information Security

JF - International Journal of Information Security

IS - 3

ER -

Visualization-based policy analysis for SELinux: Framework and user study

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this