TY - GEN
T1 - A logical specification and analysis for SELinux MLS policy
AU - Hicks, Boniface
AU - Rueda, Sandra
AU - St. Clair, Luke
AU - Jaeger, Trent
AU - McDaniel, Patrick
PY - 2007
Y1 - 2007
N2 - The SELinux mandatory access control (MAC) policy has recently added a multi-level security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of this policy makes it impractical to verify, by hand, that a given policy has certain important information flow properties or is compliant with another policy. To address this, we have modeled the SELinux MLS policy using a logical specification and implemented that specification in the Prolog language. Furthermore, we have developed some analyses for testing the properties of a given policy as well an algorithm to determine whether one policy is compliant with another. We have implemented these analyses in Prolog and compiled our implementation into a tool for SELinux MLS policy analysis, called PALMS. Using PALMS, we verified some important properties of the SELinux MLS reference policy, namely that it satisfies the simple security condition and -property defined by Bell and LaPadula [2].
AB - The SELinux mandatory access control (MAC) policy has recently added a multi-level security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of this policy makes it impractical to verify, by hand, that a given policy has certain important information flow properties or is compliant with another policy. To address this, we have modeled the SELinux MLS policy using a logical specification and implemented that specification in the Prolog language. Furthermore, we have developed some analyses for testing the properties of a given policy as well an algorithm to determine whether one policy is compliant with another. We have implemented these analyses in Prolog and compiled our implementation into a tool for SELinux MLS policy analysis, called PALMS. Using PALMS, we verified some important properties of the SELinux MLS reference policy, namely that it satisfies the simple security condition and -property defined by Bell and LaPadula [2].
UR - http://www.scopus.com/inward/record.url?scp=34548045083&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34548045083&partnerID=8YFLogxK
U2 - 10.1145/1266840.1266854
DO - 10.1145/1266840.1266854
M3 - Conference contribution
AN - SCOPUS:34548045083
SN - 1595937455
SN - 9781595937452
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 91
EP - 100
BT - SACMAT'07
T2 - SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
Y2 - 20 June 2007 through 22 June 2007
ER -