IFCIL: An Information Flow Configuration Language for SELinux

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and m...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2022 IEEE 35th Computer Security Foundations Symposium (CSF) s. 243 - 259
Hlavní autoři: Ceragioli, Lorenzo, Galletta, Letterio, Degano, Pierpaolo, Basin, David
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.08.2022
Témata:
Access control
Computer architecture
Computer security
Distance measurement
formal methods and verification
information flow control
language based security
Linux
Mobile handsets
SELinux
Servers
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. However, CIL lacks mechanisms for ensuring that the resulting configurations obey desired information flow policies. To remedy this, we propose IFCIL, a backward compatible extension of CIL for specifying fine-grained information flow requirements for CIL configurations. Using IFCIL, administrators can express, e.g., confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements.
DOI:10.1109/CSF54842.2022.9919690