SELinux Security Policy Configuration System with Higher Level Language
スポンサーリンク
概要
- 論文の詳細を見る
Creating security policy for SELinux is difficult because access rules often exceed 10,000 and elements in rules such as permissions and types are understandable only for SELinux experts. The most popular way to facilitate creating security policy is refpolicy which is composed of macros and sample configurations. However, describing and verifying refpolicy based configurations is difficult because complexities of configuration elements still exist, using macros requires expertise and there are more than 100,000 configuration lines. The memory footprint of refpolicy which is around 5MB by default, is also a problem for resource constrained devices. We propose a system called SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes type configurations. SPDL tools generate security policy configurations from access logs and tool users knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semi-automated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500KB.
論文 | ランダム
- B-59 当院における高齢者(80歳以上)肺癌の治療成績 : 手術成績と放射線治療成績の比較、手術症例の検討を中心に
- W6-1 肺野末梢型腺癌の脈管侵襲と予後との関連
- 23.放射線治療後の肺全摘の1例(第76回日本肺癌学会中部支部会)
- 症例3 気管支原発の多形腺腫の1例(一般演題)(第18回 日本気管支学会中部支部会)
- 12 イントラネットを活用した放射線科検査マニュアルの作成