A Practical Alternative to Domain and Type Enforcement Integrity Formal Models

Much secure-system policy development uses the DTE (Domain and Type Enforcement) model, but DTE by itself cannot explicitly state the security goals of a policy. The invariants of the only existing DTE-based integrity protection formal model are too complex, which makes that model impractical. A DTE-Biba integrity formal model is proposed, in which DTE is the underlying component and Biba integrity is the security goal. The DTE-Biba formal model describes direct Biba control relationships and ignores the integrity level of objects. The aim is to provide a foundation for effective policy configuration, policy integrity analysis and integrity verification of DTE secure systems.
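The following is an added illustration, not the paper's formal model or its notation. It assumes a DTE policy is a set of (domain, type, permission) triples, that each domain (subject) carries an integrity level, and that types (objects) carry none, as the abstract says the proposed model ignores object integrity levels. Under that assumption the Biba goal becomes a check over domains only: no domain may observe a type that a strictly lower-level domain can modify. The policy, domain names, types and levels below are constructed for the example.

```python
"""Toy DTE policy with a Biba-style integrity check expressed over domains only.

Added example (assumptions, not the paper's definitions): a DTE policy is a set
of (domain, type, permission) triples; every domain has an integrity level and
types have none.  A Biba violation is a type that a lower-level domain can
modify and a higher-level domain can observe.
"""
from collections import defaultdict

# Permission classes used by the check (constructed grouping).
OBSERVE = frozenset({"read", "execute", "getattr"})
MODIFY = frozenset({"write", "append", "create", "unlink"})


class DtePolicy:
    def __init__(self):
        self._rules = defaultdict(set)  # (domain, type) -> set of permissions
        self._level = {}                # domain -> integrity level (higher = more trusted)

    def domain(self, name, level):
        """Declare a domain and its integrity level."""
        self._level[name] = level
        return self

    def allow(self, domain, type_, *perms):
        """Add DTE access rules domain -> type for the given permissions."""
        if domain not in self._level:
            raise KeyError(f"unknown domain {domain!r}: declare it first")
        self._rules[(domain, type_)].update(perms)
        return self

    def revoke(self, domain, type_, *perms):
        """Remove permissions from a domain -> type rule (policy remediation)."""
        self._rules[(domain, type_)].difference_update(perms)
        return self

    def types(self):
        return {t for (_, t) in self._rules}

    def writers(self, type_):
        """Domains that can modify the type; with no object levels, these define its integrity."""
        return {d for (d, t), p in self._rules.items() if t == type_ and p & MODIFY}

    def readers(self, type_):
        return {d for (d, t), p in self._rules.items() if t == type_ and p & OBSERVE}

    def biba_violations(self):
        """Return (writer, type, reader) triples where the writer's level is below the reader's."""
        out = []
        for t in sorted(self.types()):
            for r in sorted(self.readers(t)):
                for w in sorted(self.writers(t)):
                    if self._level[w] < self._level[r]:
                        out.append((w, t, r))
        return out

    def satisfies_biba(self):
        return not self.biba_violations()


def sample_policy():
    """Constructed three-domain policy with two deliberate integrity flaws."""
    p = DtePolicy()
    p.domain("kernel_d", 3).domain("admin_d", 2).domain("user_d", 1)
    p.allow("kernel_d", "system_bin_t", "write")
    p.allow("kernel_d", "log_t", "write")
    p.allow("kernel_d", "etc_t", "read")              # flaw: etc_t is writable by admin_d (level 2)
    p.allow("admin_d", "system_bin_t", "read", "execute")
    p.allow("admin_d", "etc_t", "write")
    p.allow("admin_d", "user_home_t", "read")         # flaw: user_home_t is writable by user_d (level 1)
    p.allow("admin_d", "log_t", "read")
    p.allow("user_d", "system_bin_t", "read", "execute")
    p.allow("user_d", "user_home_t", "read", "write")
    p.allow("user_d", "log_t", "read")
    return p


def remediated_policy():
    """Same policy with the two upward flows removed."""
    p = sample_policy()
    p.revoke("kernel_d", "etc_t", "read")
    p.revoke("admin_d", "user_home_t", "read")
    return p


if __name__ == "__main__":
    for name, pol in (("sample", sample_policy()), ("remediated", remediated_policy())):
        print(name, "violations:", pol.biba_violations())
```

The check mirrors the abstract's choice of modelling integrity on domains: a type's effective integrity is simply the lowest level among the domains allowed to modify it, so the analysis needs no object labels. Running the script reports the two constructed flaws for the sample policy and none after remediation.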
