Visualization-based policy analysis for SELinux

Framework and user study

Wenjuan Xu, Mohamed Shehab, Gail-Joon Ahn

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.

Original languageEnglish (US)
Pages (from-to)155-171
Number of pages17
JournalInternational Journal of Information Security
Volume12
Issue number3
DOIs
StatePublished - Jun 2013

Fingerprint

Visualization
Query languages

Keywords

  • Policy analysis
  • SELinux
  • Visualization-based

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Visualization-based policy analysis for SELinux : Framework and user study. / Xu, Wenjuan; Shehab, Mohamed; Ahn, Gail-Joon.

In: International Journal of Information Security, Vol. 12, No. 3, 06.2013, p. 155-171.

Research output: Contribution to journalArticle

@article{9b09c4472e2744839b1b67ca99ba48d3,
title = "Visualization-based policy analysis for SELinux: Framework and user study",
abstract = "In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.",
keywords = "Policy analysis, SELinux, Visualization-based",
author = "Wenjuan Xu and Mohamed Shehab and Gail-Joon Ahn",
year = "2013",
month = "6",
doi = "10.1007/s10207-012-0180-7",
language = "English (US)",
volume = "12",
pages = "155--171",
journal = "International Journal of Information Security",
issn = "1615-5262",
publisher = "Springer Verlag",
number = "3",

}

TY - JOUR

T1 - Visualization-based policy analysis for SELinux

T2 - Framework and user study

AU - Xu, Wenjuan

AU - Shehab, Mohamed

AU - Ahn, Gail-Joon

PY - 2013/6

Y1 - 2013/6

N2 - In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.

AB - In this paper, we propose a visualization-based policy analysis framework that enables system administrators to query and visualize security policies and to easily identify the policy violations, especially focused on SELinux. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework provides an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that supports the functionalities discussed in our framework. In addition, we discuss our study on usability of our tool with evaluation criteria and experimental results.

KW - Policy analysis

KW - SELinux

KW - Visualization-based

UR - http://www.scopus.com/inward/record.url?scp=84877602217&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84877602217&partnerID=8YFLogxK

U2 - 10.1007/s10207-012-0180-7

DO - 10.1007/s10207-012-0180-7

M3 - Article

VL - 12

SP - 155

EP - 171

JO - International Journal of Information Security

JF - International Journal of Information Security

SN - 1615-5262

IS - 3

ER -