IFCIL: An Information Flow Configuration Language for SELinux

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and m...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:2022 IEEE 35th Computer Security Foundations Symposium (CSF) s. 243 - 259
Hlavní autori: Ceragioli, Lorenzo, Galletta, Letterio, Degano, Pierpaolo, Basin, David
Médium: Konferenčný príspevok..
Jazyk:English
Vydavateľské údaje: IEEE 01.08.2022
Predmet:
Access control
Computer architecture
Computer security
Distance measurement
formal methods and verification
information flow control
language based security
Linux
Mobile handsets
SELinux
Servers
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. However, CIL lacks mechanisms for ensuring that the resulting configurations obey desired information flow policies. To remedy this, we propose IFCIL, a backward compatible extension of CIL for specifying fine-grained information flow requirements for CIL configurations. Using IFCIL, administrators can express, e.g., confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements.
DOI:10.1109/CSF54842.2022.9919690