NSA's Security-Enhanced (SE) Linux enhances Linux by providing a specification language for security policies and a Flask-like architecture with a security server for enforcing policies defined in the language. It is natural for users to expect to be able to analyze the properties of a policy from its specification in the policy language. But this language is very low level, making the high level properties of a policy difficult to deduce by inspection. For this reason, tools to help users with the analysis are necessary. The NRL project on analyzing SE Linux policies aims first to use mechanized support to analyze an example policy specification and then to customize this support for use by practitioners in the open source software co...
We describe a system called Miro for specifying and checking security constraints. Our system is gen...
International audienceThis paper presents a comparative study of policy specification lan- guages. O...
Host compromise is a serious computer security problem today. To better protect hosts, several Manda...
Most of the statements in the current SELinux policy language operate directly on features of the un...
The protection mechanisms of current mainstream operating systems are inadequate to support confiden...
The evolution of technological progress continually presents new information security challenges for...
During our fieldwork with real-world organizations---including those in Public Key Infrastructure (P...
Significant progress toward general acceptance of applying mandatory access control to systems has b...
This thesis deals with technologies of SELinux security policy writing. Furthermore the thesis analy...
To my father Angelo (Tito) This thesis addresses the problem of statically verifying and enforcing a...
Whether a particular computing installation meets its security goals depends on whether the administ...
Security Policies constitute the core of network protection infrastructures. However, their developm...
The paper presents ConSpec, an automata based policy specification language. The language trades off...
To my father Angelo (Tito) This thesis addresses the problem of statically verifying and enforcing a...
Abstract Security policies are ubiquitous in information systems and more generally in the managemen...
We describe a system called Miro for specifying and checking security constraints. Our system is gen...
International audienceThis paper presents a comparative study of policy specification lan- guages. O...
Host compromise is a serious computer security problem today. To better protect hosts, several Manda...
Most of the statements in the current SELinux policy language operate directly on features of the un...
The protection mechanisms of current mainstream operating systems are inadequate to support confiden...
The evolution of technological progress continually presents new information security challenges for...
During our fieldwork with real-world organizations---including those in Public Key Infrastructure (P...
Significant progress toward general acceptance of applying mandatory access control to systems has b...
This thesis deals with technologies of SELinux security policy writing. Furthermore the thesis analy...
To my father Angelo (Tito) This thesis addresses the problem of statically verifying and enforcing a...
Whether a particular computing installation meets its security goals depends on whether the administ...
Security Policies constitute the core of network protection infrastructures. However, their developm...
The paper presents ConSpec, an automata based policy specification language. The language trades off...
To my father Angelo (Tito) This thesis addresses the problem of statically verifying and enforcing a...
Abstract Security policies are ubiquitous in information systems and more generally in the managemen...
We describe a system called Miro for specifying and checking security constraints. Our system is gen...
International audienceThis paper presents a comparative study of policy specification lan- guages. O...
Host compromise is a serious computer security problem today. To better protect hosts, several Manda...