SELinux Security Policy Configuration System with Higher Level Language
Abstract
Creating a security policy for SELinux is difficult because the number of access rules often exceeds 10,000 and rule elements such as permissions and types are understandable only to SELinux experts. The most popular way to facilitate creating security policy is refpolicy, which is composed of macros and sample configurations. However, describing and verifying refpolicy-based configurations is difficult because the complexity of configuration elements remains, using macros requires expertise, and there are more than 100,000 configuration lines. The memory footprint of refpolicy, which is around 5MB by default, is also a problem for resource-constrained devices. We propose a system called SEEdit, which facilitates creating security policy with a higher-level language called SPDL and SPDL tools. SPDL reduces the number of permissions by using integrated permissions and removes type configurations. SPDL tools generate security policy configurations from access logs and tool users' knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semi-automated, created security policies are composed of fewer than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500KB.