首页    期刊浏览 2024年11月29日 星期五
登录注册

文章基本信息

  • 标题:SELinux Security Policy Configuration System with Higher Level Language
  • 本地全文:下载
  • 作者:Yuichi Nakamura ; Yoshiki Sameshima ; Toshihiro Yamauchi
  • 期刊名称:Information and Media Technologies
  • 电子版ISSN:1881-0896
  • 出版年度:2010
  • 卷号:5
  • 期号:4
  • 页码:1349-1360
  • DOI:10.11185/imt.5.1349
  • 出版社:Information and Media Technologies Editorial Board
  • 摘要:Creating security policy for SELinux is difficult because access rules often exceed 10,000 and elements in rules such as permissions and types are understandable only for SELinux experts. The most popular way to facilitate creating security policy is refpolicy which is composed of macros and sample configurations. However, describing and verifying refpolicy based configurations is difficult because complexities of configuration elements still exist, using macros requires expertise and there are more than 100,000 configuration lines. The memory footprint of refpolicy which is around 5MB by default, is also a problem for resource constrained devices. We propose a system called SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes type configurations. SPDL tools generate security policy configurations from access logs and tool user's knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semi-automated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500KB.
国家哲学社会科学文献中心版权所有