A logical specification and analysis for SELinux MLS policy

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2007, Pages 91-100

  Hicks, Boniface ^a   Rueda, Sandra ^a   St Clair, Luke ^a   Jaeger, Trent ^a   McDaniel, Patrick ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

Multi level security; Policy analysis; Policy compliance; SELinux

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; DATA FLOW ANALYSIS; LOGIC PROGRAMMING; PROBLEM SOLVING; SECURITY OF DATA;

MULTI-LEVEL SECURITY; POLICY ANALYSIS; POLICY COMPLIANCES; SELINUX;

COMPUTER OPERATING SYSTEMS;

EID: 34548045083     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1266840.1266854     Document Type: Conference Paper

References (24)

1. XSB: Logic programming and deductive database system for Unix and Windows. Add data for field: Note.
2. D.E. Bell and L.J. Lapadula. Secure computer systems: Mathematical foundations and model. Technical report, MITRE, 1973.
3. Data General Corporation, Westboro, MA. Managing Security on DG/UX System, November 1996. Manual 093-701139-04.
4. FreeBSD Foundation. SEBSD: Port of SELinux FLASK and type enforcement to TrustedBSD. http://www.trustedbsd.org/sebsd.html.
5. Joshua D. Guttman, Amy L. Herzog, John D. Ramsdell, and Clement W. Skorupka. Verifying information flow goals in security-enhanced linux. J. Comput. Secur., 13(1):115-134, 2005.
6. Chad Hanson. SELinux and MLS: Putting the Pieces Together. Technical Report NAI-02-007, Trusted Computer Solutions, Inc., 2006.
7. Boniface Hicks, Sandra Rueda, Trent Jaeger, and Patrick McDaniel. From trusted to secure: Building and executing applications that enforce system security. In Proceedings of the USENIX Annual Technical Conference, Santa Clara, CA, USA, June 2007. To appear.
8. Boniface Hicks, Sandra Rueda, Luke St. Clair, Trent Jaeger, and Patrick McDaniel. A logical specification and analysis for SELinux MLS policy. Technical Report NAS-TR-0058-2007, Networking and Security Research Center, Department of Computer Science, Pennsylvania State University, 2007.
9. Trent Jaeger, Antony Edwards, and Xiaolan Zhang. Managing access control policies using access control spaces. In SACMAT '02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, pages 3-12. ACM Press, 2002.
10. Trent Jaeger, Antony Edwards, and Xiaolan Zhang. Policy management using access control spaces. ACM Trans. Inf. Syst. Secur., 6(3):327-364, 2003.
11. Trent Jaeger, Patrick McDaniel, Luke St.Clair, Ramon Caceres, and Reiner Sailer. Shame on trust in distributed systems. In Proceedings of the First Workshop on Hot Topics in Security (HotSec '06), Vancouver, B.C., Canada, July 2006.
12. P. Loscocco, S. Smalley, P. Muckelbauer, R. Tayler, J. Turner, and J. Farrel. The inevitability of failure: The flawed assumptions of security modern computing environments. In In Proceedings of the 21st National Information Systems Security Conference, 1998.
13. Sun Microsystems. Solaris trusted extensions. http://www.sun.com.
14. Sun Microsystems. Trusted solaris operating environment - a technical overview. http://www.sun.com.
15. Security-enhanced Linux. http ://www.nsa.gov/selinux.
16. Andrei Sabelfeld and Andrew C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.
17. Beata Sarna-Starosta and Scott D. Stoller. Policy analysis for security-enhanced linux. In Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS), pages 1-12, April 2004.
18. Stephen Smalley. Configuring the SELinux Policy.
19. Stephen Smalley. Configuring the SELinux Policy. Technical Report NAI-02-007, National Security Agency - NSA, February 2002.
20. Stephen Smalley, Chris Vance, and Wayne Salamon. Implementing SELinux as a linux security module. Technical Report 01-043, NAI Labs, 2001.
21. R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lapreau. The flask security architecture: System support for diverse security policies. In Proceedings of the 8th USENIX Security Symposium, pages 123-139, August 1999.
22. Tresys Technology. Setools - policy analysis tools for selinux. available at http://oss.tresys.com/projects/setools.
23. Christopher Vance, Todd Miller, and Rob Dekelbaum. Security-enhanced darwin: Porting selinux to mac os x. In Proceedings of the Third Annual Security Enhanced Linux Symposium, Baltimore, MD, USA, March 2007.
24. Giorgio Zanin and Luigi Vincenzo Mancini. Towards a formal model for security policies specification and validation in the selinux system. In SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies, pages 136-145, New York, NY, USA, 2004. ACM Press.