P. Loscocco and S. Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, in Proceedings of the FREENIX Track of the 2001.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....we have modeled an example security policy in the analysis tool TAME, the kinds of analysis we can support, and prototype mechanical support to enable others to model example security policies in TAME. For an extended version of this paper, see [5] 1 Introduction Security Enhanced (SE) Linux [12, 8] is a modification of Linux initially released by NSA in January, 2001 that extends Linux with a flexible capability for security. SE Linux provides a language for specifying Linux security policies that cover all aspects of the system, including process control, file management, and network ....

....for our model, and our approach to the verification. Finally, Section 7 provides some suggestions as to how, with appropriate enhancements, the SE Linux policy language could better support policy analysis. 2 The SE Linux policy language The SE Linux security policy language is described in [8], part of the documentation accompanying the SE Linux release. We note that this language has changed over time. In this paper, we deal primarily with the language and example policy from the initial release of January 2001, since our initial efforts towards modeling policies were based on this ....

[Article contains additional citation context not shown here]

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. Technical report, National Security Agency, Jan. 2, 2001.

....flexible solution. It is used in Flask with the intention of separating security policy and enforcement mechanism [58] The main problem of this solution is, that it pollutes the server implementation with calls to the security manager. The Flask security architecture was implemented in SELinux [40]. In SELinux, the list of permissions for file and directory objects have a nearly one to one correspondence to an interface one would use 6 for these objects. This makes approach (3) the most promising approach. Our two example problems would be solved by parsing the path in the client domain. ....

....We call them native permissions. These permissions can be supplemented or replaced by a set of foreign permissions. These permissions could, for example, be access control lists. Because foreign permissions are not supported by the server, there must be a way to store them. The SELinux system [40] uses a file hierarchy in the normal file system to store foreign permissions. There is some scepticism whether a capability based system can be compatible to the JDK (see the discussion of capabilities in [63] We proved that this is possible by implementing a component that implements the ....

P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Usenix 2001.

....or coarse grained policies [10] Since most policy management tools deal with these low level interfaces, administrators may not have a clear picture of the ramifications of their policy management actions. Dependencies among objects can lead to unexpected side effects and undesirable behavior [11]. Further, the disclosure of security policies may be a breach of security. For example, knowing whether the system is on the lookout for an intruder could actually be a secret. Thus, unauthorized personnel should not be able to know what the security policy might become under a certain ....

P. Loscocco and S. Smalley, "Integrating Flexible Support for Security Policies into the Linux Operating System," presented at Proceedings of the FREENIX Track of the 2001.

....and adapt TAME appropriately to make use of the methodology and TAME feasible for open source developers without deep knowledge of mechanical theorem proving. Our progress in following this approach is detailed below. 3. The Policy Language The SE Linux security policy language is described in [8], part of the documentation accompanying the SE Linux release. The language description in [8] is somewhat informal, and is mostly given by example. Some of the language constructs are not fully defined in [8] however, most of the constructs used in the example policy accompanying the release ....

....developers without deep knowledge of mechanical theorem proving. Our progress in following this approach is detailed below. 3. The Policy Language The SE Linux security policy language is described in [8] part of the documentation accompanying the SE Linux release. The language description in [8] is somewhat informal, and is mostly given by example. Some of the language constructs are not fully defined in [8] however, most of the constructs used in the example policy accompanying the release have reasonably complete descriptions. This section summarizes the language constructs mentioned ....

[Article contains additional citation context not shown here]

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. Technical report, National Security Agency, Jan. 2, 2001.

No context found.

P. Loscocco and S. Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, in Proceedings of the FREENIX Track of the 2001.

No context found.

Loscocco, P.; Smalley, S.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Freenix Track of Usenix Annual Technical Conference. 2001.

No context found.

Loscocco, P. und Smalley, S.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Freenix Track of Usenix Annual Technical Conference. 2001.

No context found.

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the linux operating system. In Proceedings of the 2001.

No context found.

P. Loscocco and S. Smalley, "Integrating flexible support for security policies into the Linux operating system," in Proceedings of the FREENIX Track of the 2001.

No context found.

P. A. Loscocco and S. D. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Proceedings of the FREENIX Track: USENIX Annual Technical Conference, June 2001.

No context found.

P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Proceedings of the FREENIX Track: 2001.

No context found.

P. Loscocco, S. Smallay "Integrating Flexible Support for Security Policies into Linux Operating System" Technical Report, NSA and NAI Labs, Oct 2000.

No context found.

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In Proceedings of the FREENIX Track of the 2001.

No context found.

P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pages 29--40, June 2001.

No context found.

Loscocco, P., and Smalley, S., Integrating Flexible Support for Security Policies into the Linux Operating System, http://www.nsa.gov/selinux/slinux-abs.html, October 2000.

No context found.

P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. Technical report, National Security Agency, Jan. 2, 2001.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC