Academic Journal
Verifying Information Flow Goals in Security-Enhanced Linux
| العنوان: | Verifying Information Flow Goals in Security-Enhanced Linux |
|---|---|
| المؤلفون: | Joshua D. Guttman, Amy L. Herzog, John D. Ramsdell, Clement W. Skorupka |
| المساهمون: | The Pennsylvania State University CiteSeerX Archives |
| المصدر: | http://www.ccs.neu.edu/home/guttman/selinux.ps. |
| سنة النشر: | 2004 |
| المجموعة: | CiteSeerX |
| الوصف: | In this paper, we present a systematic way to determine the information ow security goals achieved by systems running a secure O/S, speci cally systems running Security-Enhanced Linux. A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an SELinux con guration, provides our framework. Information ow security goal statements expressed in linear temporal logic provide a clear description of the objectives that SELinux is intended to achieve. We use model checking to determine whether security goals hold in a given system. These formal models combined with appropriate algorithms have led to automated tools for the veri cation of security properties in an SELinux system. Our approach has been used in other security management contexts over the past decade, under the name rigorous automated security management. |
| نوع الوثيقة: | text |
| وصف الملف: | application/postscript |
| اللغة: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.8.1699; http://www.ccs.neu.edu/home/guttman/selinux.ps |
| الاتاحة: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.8.1699 http://www.ccs.neu.edu/home/guttman/selinux.ps |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| رقم الانضمام: | edsbas.A3DE9273 |
| قاعدة البيانات: | BASE |
| الوصف غير متاح. |