SELinux security policies are powerful tools to implement properties such as process confinement and least privilege. They can also be used to support MLS policies on SELinux. However, the policies are very complex, and creating them is a difficult and error-prone process. Furthermore, it is not possible to state explicit constraints on an SELinux policy such as “information flowing to the network must be encrypted”. We present two related Domain Specific Languages (DSL) to make it much easier to specify SELinux security policies. The first DSL is called Lobster. Lobster allows the user to state an information flow policy at a very high level of abstraction, and then refine the policy into lower and lower levels until it can be translated b...
Abstract—Recently, dynamic access control models are proposed to restrict access domain appropriate...
In this paper, we present a systematic way to determine the information flow security goals achieve...
A security policy presents a critical component of the overall security architecture and an essentia...
Expressing security architectures that meet required security goals for a system in SELinux policy l...
This paper presents a formal model, called SELAC, for analyzing an arbitrary security policy configu...
Usage of Network services and network stack-based applications on Linux systems is increasing rapi...
Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access...
Abstract—An operating system designed under the criteria of the class A1, consists of a collection o...
Significant progress toward general acceptance of applying mandatory access control to systems has b...
Most of the statements in the current SELinux policy language operate directly on features of the un...
Security policy for SELinux is usually created by customizing a sample policy called refpolicy. Howe...
System administrators specify the access control policy they want and implement the relevant configu...
The challenge of maintaining a secure and usable system in a hostile environment makes self-defendi...
Abstract—In the past, operating systems tended to lack well-defined access control policy specifica...
This master's thesis describes the problems of SELinux, and the methods of creation of a proper secu...