论文信息 - A study on confidentiality and integrity protection of SELinux

A study on confidentiality and integrity protection of SELinux

SELinux is a strong and flexible system with a well-defined MAC architecture. It provides a mechanism to enforce the access control based on confidentiality and integrity requirements which offers an effective protection of information security. This paper describes in what way SELinux uses various models and policies to secure the information safety which different from others, especially from a special perspective to represents how multilevel security policy and type enforcement provide confidentiality and integrity protection.

Xiao Xu | Guozhong Tian | Chuangbai Xiao | Chaoqin Gao

[1] Bill McCarty,et al. Selinux: NSA's Open Source Security Enhanced Linux , 2004 .

[2] Peter Loscocco,et al. Meeting Critical Security Objectives with Security-Enhanced Linux , 2001 .

[3] Trent Jaeger,et al. Policy management using access control spaces , 2003, TSEC.

[4] David Caplan,et al. SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series) , 2006 .

[5] Mike Hibler,et al. The Flask Security Architecture: System Support for Diverse Security Policies , 1999, USENIX Security Symposium.

[6] Trent Jaeger,et al. A logical specification and analysis for SELinux MLS policy , 2007, SACMAT '07.

[7] Luigi V. Mancini,et al. Towards a formal model for security policies specification and validation in the selinux system , 2004, SACMAT '04.