Review of Existing Analysis Tools for SELinux Security Policies: Challenges and a Proposed Solution

Authors: Amir Eaman, Bahman Sistany, and Amy P. Felty
Access control policy management is an increasingly hard problem from both the security point of view and the verification point of view. SELinux is a Linux Security Module (LSM) implementing a mandatory access control mechanism. SELinux integrates user identity, roles, and type security attributes for stating rules in security policies. As SELinux policies are developed and maintained by security administrators, they often become quite complex, and it is important to carefully analyze them in… 

Formal Verification of a Certified Policy Language

A certified policy language, called TEpla, with formal semantics and simple language constructs, which is leveraged to express and formally verify properties about complex security goals and is a crucial step toward developing certifiably correct policy-related tools for Type Enforcement policies.

TEpla: A Certified Type Enforcement Access-Control Policy Language

A small and certifiably correct TE policy language, TEpla, is proposed as a candidate for expressing Type Enforcement, the primary access control feature of SELinux; it offers ease of use, ease of reasoning, and analysis and verification of its properties.

Integrating RBAC, MIC, and MLS in Verified Hierarchical Security Model for Operating System

This paper presents results of development of a hierarchical integrated model of access control and information flows (HIMACF), which provides a holistic integration of RBAC, MIC, and MLS preserving key security properties of all those mechanisms.

FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies

An algorithm for reasoning about the consistency of a given policy by analysing the information flows implied by it, using the Readers-Writers Flow Model (RWFM), which identifies all possible indirect flows due to a given policy that could lead to inconsistency.

Formal Modeling of Multi-Level Security and Integrity Control Implemented with SELinux

The paper presents a formal security model of the Linux distributions provided by Bazealt SPO, which integrates multi-level security (MLS) and mandatory integrity control (MIC) implemented on the base of

A Certified Core Policy Language

The design and implementation of a Certified Core Policy Language (ACCPL) that can be used to express access-control policies is presented and the Coq Proof Assistant is used to state theorems about this semantics, to develop proofs and to machine-check the proofs ensuring correctness guarantees are provided.

BigMAC: Fine-Grained Policy Analysis of Android Firmware

A framework called BIGMAC is created that combines and instantiates all layers of the policy together in a fine-grained graph supporting millions of edges, and develops attack queries to discover sets of objects that can be influenced by untrusted applications and external peripherals.

Analysis of SEAndroid Policies: Combining MAC and DAC in Android

This paper applies an approach to analyze SEAndroid policies in conjunction with the underlying Linux/Unix Discretionary Access Control policies to four different versions of Android Open Source Project (AOSP) as well as devices from seven different manufacturers, and finds several forms of unintentional privilege assignments.

Verification and Evaluation of Computer and Communication Systems: 14th International Conference, VECoS 2020, Xi'an, China, October 26–27, 2020, Proceedings

This work proposes an algorithm that a reduced supervisor can be separated from the supremal supervisor if a sufficient condition is satisfied, and the algorithm for checking the necessary condition is presented.
Information Flow Query and Verification for Security Policy of Security-Enhanced Linux

A method to transform an SELinux policy and a security goal into a Policy CPN Diagram and a Query CPN Diagram, together with a simple query language that helps administrators express expected and unexpected information flows, is developed.

SCIATool: A Tool for Analyzing SELinux Policies Based on Access Control Spaces, Information Flows and CPNs

A prototype SELinux policy Configuration Integrated Analysis Tool, SCIATool, is designed and implemented by integrating these three methods (access control spaces, information flows, and CPNs), which can be exploited together and complementarily.

SEEdit: SELinux Security Policy Configuration System with Higher Level Language

A security policy configuration system, SEEdit, is proposed which facilitates creating security policy through a higher-level language called SPDL and SPDL tools, which generate security policy configurations from access logs and the tool user's knowledge about applications.

Towards a formal model for security policies specification and validation in the selinux system

This paper presents a formal model, called SELAC, for analyzing an arbitrary security policy configuration for the SELinux system; it defines semantics for the constructs of the SELinux configuration language and models the relationships occurring among sets of configuration rules.

Verifying information flow goals in Security-Enhanced Linux

A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an SELinux configuration, provides the framework for determining the information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux.

Modeling security-enhanced Linux policy specifications for analysis

The paper summarizes how the NRL project on analyzing SE Linux security policies has modeled an example security policy in the analysis tool TAME, the kinds of analysis it can support, and prototype mechanical support to enable others to model example security policies in TAME.

SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)

SELinux by Example is the first complete, hands-on guide to using SELinux in production environments; it thoroughly explains SELinux sample policies, including the powerful new Reference Policy, showing how to quickly adapt them to your unique environment.

SPTrack: Visual Analysis of Information Flows within SELinux Policies and Attack Logs

Combining visualization tools, which benefit from the expert's eye, with software analysis capabilities should lead to a new and interesting way to study and manage security policies as well as users' sessions.

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning

This paper proposes EASEAndroid, the first SEAndroid analytic platform for automatic policy analysis and refinement; its key insight is that the policy refinement process can be modeled and automated using semi-supervised learning.

Towards System Integrity Protection with Graph-Based Policy Analysis

This paper presents a graph-based policy analysis methodology to identify TCBs while taking different system applications and services into consideration, and proposes resolving principles using the developed graph-based policy analysis tool.