IFCIL: An Information Flow Configuration Language for SELinux
Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and m...
Uložené v:
| Vydané v: | 2022 IEEE 35th Computer Security Foundations Symposium (CSF) s. 243 - 259 |
|---|---|
| Hlavní autori: | , , , |
| Médium: | Konferenčný príspevok.. |
| Jazyk: | English |
| Vydavateľské údaje: |
IEEE
01.08.2022
|
| Predmet: | |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Abstract | Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. However, CIL lacks mechanisms for ensuring that the resulting configurations obey desired information flow policies. To remedy this, we propose IFCIL, a backward compatible extension of CIL for specifying fine-grained information flow requirements for CIL configurations. Using IFCIL, administrators can express, e.g., confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements. |
|---|---|
| AbstractList | Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. However, CIL lacks mechanisms for ensuring that the resulting configurations obey desired information flow policies. To remedy this, we propose IFCIL, a backward compatible extension of CIL for specifying fine-grained information flow requirements for CIL configurations. Using IFCIL, administrators can express, e.g., confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements. |
| Author | Ceragioli, Lorenzo Basin, David Degano, Pierpaolo Galletta, Letterio |
| Author_xml | – sequence: 1 givenname: Lorenzo surname: Ceragioli fullname: Ceragioli, Lorenzo organization: Università di Pisa,Italy – sequence: 2 givenname: Letterio surname: Galletta fullname: Galletta, Letterio organization: IMT School for Advanced Studies Lucca,Italy – sequence: 3 givenname: Pierpaolo surname: Degano fullname: Degano, Pierpaolo organization: Università di Pisa,Italy – sequence: 4 givenname: David surname: Basin fullname: Basin, David organization: ETH Zurich,Switzerland |
| BookMark | eNotj8tKAzEYhSPoQmufQIS8wIy5TTK_4KKEjg4EXLRdl0wuQ6BNZOygvr1KuzpwvsMH5w5d55IDQo-U1JQSeNKbrhGtYDUjjNUAFCSQK7QE1VIp_xFV8ha99J3uzTNeZdznWKajPaWScXcoX1iXHNM4T-fK2DzOdgz4b4U3a5Py_H2PbqI9fIblJRdo1623-q0y76-9XpkqMcJPlYNWKLCWEOUHB76NzWA5Iyo6xgbnFXMgnAye2CCFiN7RCI7SwB1rgnR8gR7O3hRC2H9M6Winn_3lFP8FIUtGOQ |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/CSF54842.2022.9919690 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9781665484176 1665484179 |
| EndPage | 259 |
| ExternalDocumentID | 9919690 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i203t-c98479aa007dbc9d8f5ba3207fc22bcd72c94c6ed0ae644fdc1f9c11e3c25e6c3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 1 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001078008100016&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Thu Jan 18 11:14:01 EST 2024 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i203t-c98479aa007dbc9d8f5ba3207fc22bcd72c94c6ed0ae644fdc1f9c11e3c25e6c3 |
| PageCount | 17 |
| ParticipantIDs | ieee_primary_9919690 |
| PublicationCentury | 2000 |
| PublicationDate | 2022-Aug. |
| PublicationDateYYYYMMDD | 2022-08-01 |
| PublicationDate_xml | – month: 08 year: 2022 text: 2022-Aug. |
| PublicationDecade | 2020 |
| PublicationTitle | 2022 IEEE 35th Computer Security Foundations Symposium (CSF) |
| PublicationTitleAbbrev | CSF |
| PublicationYear | 2022 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 2.1969993 |
| Snippet | Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 243 |
| SubjectTerms | Access control Computer architecture Computer security Distance measurement formal methods and verification information flow control language based security Linux Mobile handsets SELinux Servers |
| Title | IFCIL: An Information Flow Configuration Language for SELinux |
| URI | https://ieeexplore.ieee.org/document/9919690 |
| WOSCitedRecordID | wos001078008100016&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1NSwMxEB3a4sGTSit-k4NH0-5ms7uN4EFKFwulFKrSW0kmiRRkK3VX_fkmu0tF8OJtCBNCZg5vZjIvA3AtucuME4bUcqkpTxCpcrBLZeyzCxZxrF7wn6fpbDZcLsW8BTc7Lowxpmo-M30vVm_5eoOlL5UNXCwjXDbXhnaaJjVXqyHlhIEYjBaZC7-5Z1cx1m90fw1NqTAjO_jfaYfQ-yHfkfkOVo6gZfIu3E2y0WR6S-5z0hCIvEFJ9rr5JH7f-qWsXUmmTQGSOC2yGLtcs_zqwVM2fhw90GbyAV2zICooCgcaQkoH4Fqh0EMbKxmxILXImEKdMhQcE6MDaZxlrcbQCgxDEyGLTYLRMXTyTW5OgMQKJcZaRdZqzk0oLVqOxkk6VYnQp9D1V1-91Z9brJpbn_29fA773rp1B9wFdIptaS5hDz-K9fv2qvLIN8bBj1s |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3fS8MwED7mFPRJZRN_mwcfzdamabsIPshY2bCOwabsbaSXRAbSyVzVP9-kKxPBF9-OcCHk7uG7u9yXA7iW3GbGEUNquFSUR4g0s7BLZeiyCxZwLF_wn9N4OOxMp2JUg5sNF0ZrXTaf6ZYTy7d8tcDClcraNpYRNpvbgm03Oatia1W0HN8T7e44sQE4d_wqxlqV9q-xKSVqJPv_O-8Amj_0OzLaAMsh1HTegLtB0h2kt-Q-JxWFyJmUJK-LT-L2zV-KtTNJWpUgidUi457NNouvJjwlvUm3T6vZB3TOvGBFUVjYEFJaCFcZCtUxYSYD5sUGGctQxQwFx0grT2prW6PQNwJ9XwfIQh1hcAT1fJHrYyBhhhJDlQXGKM61Lw0ajtpKKs4ioU6g4a4-e1t_bzGrbn369_IV7PYnj-ksHQwfzmDPWXrdD3cO9dWy0Bewgx-r-fvysvTON24okqQ |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2022+IEEE+35th+Computer+Security+Foundations+Symposium+%28CSF%29&rft.atitle=IFCIL%3A+An+Information+Flow+Configuration+Language+for+SELinux&rft.au=Ceragioli%2C+Lorenzo&rft.au=Galletta%2C+Letterio&rft.au=Degano%2C+Pierpaolo&rft.au=Basin%2C+David&rft.date=2022-08-01&rft.pub=IEEE&rft.spage=243&rft.epage=259&rft_id=info:doi/10.1109%2FCSF54842.2022.9919690&rft.externalDocID=9919690 |