Attack-based Domain Transition Analysis

SE Linux type enforcement policies are widely recognized as large and difficult for humans to understand. Several groups have created tool sets to help policy writers and maintainers work with them. We propose an attack-based model for examining the transitive domain transitions that a policy allows. We have augmented Apol, a graph-based policy analysis tool, to implement global transitive domain transition analysis and more focused, reduced transitive domain transition graphs between sets of suspect domains and sensitive domains.
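The following sketch of the analysis described in the abstract is an added example, not code from the paper or from Apol. It assumes a simplified policy with plain `allow` rules only (no attributes, conditionals or constraints), treats a domain transition as allowed when the usual three permissions (`process transition`, `file execute`, `file entrypoint`) line up, and takes the "reduced" graph to mean the edges lying on some path from a suspect domain to a sensitive domain. All type names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample policy (not from the paper); type names are illustrative.
POLICY = """
allow httpd_t cgi_t:process transition;
allow httpd_t cgi_exec_t:file execute;
allow cgi_t cgi_exec_t:file entrypoint;
allow cgi_t helper_t:process transition;
allow cgi_t helper_exec_t:file { read execute };
allow helper_t helper_exec_t:file entrypoint;
allow helper_t admin_t:process transition;
allow helper_t admin_exec_t:file execute;
allow admin_t admin_exec_t:file entrypoint;
allow user_t admin_t:process transition;
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def transition_edges(policy):
    """Edges src->dst where src may transition, src may execute some file
    type, and dst accepts that same file type as its entrypoint."""
    trans, execs, entry = set(), defaultdict(set), defaultdict(set)
    for src, tgt, cls, multi, single in RULE.findall(policy):
        perms = set((multi or single).split())
        if cls == "process" and "transition" in perms:
            trans.add((src, tgt))
        if cls == "file" and "execute" in perms:
            execs[src].add(tgt)
        if cls == "file" and "entrypoint" in perms:
            entry[src].add(tgt)
    return {(s, d) for s, d in trans if execs[s] & entry[d]}

def reachable(edges, starts):
    """Transitive closure: every domain reachable from the start set."""
    adj = defaultdict(set)
    for s, d in edges:
        adj[s].add(d)
    seen, stack = set(starts), list(starts)
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen

def reduced_graph(edges, suspect, sensitive):
    """Keep only edges on a path from a suspect to a sensitive domain."""
    fwd = reachable(edges, suspect)
    back = reachable({(d, s) for s, d in edges}, sensitive)
    return {(s, d) for s, d in edges if s in fwd and d in back}
```

In the sample, `user_t` holds `process transition` to `admin_t` but lacks `execute` on its entry type, so the edge is not reported; the only remaining route to `admin_t` is the three-hop chain from `httpd_t`.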
