Towards System Integrity Protection with Graph-Based Policy Analysis

Identifying and protecting the trusted computing base (TCB) of a system is an important task. It is typically performed by designing and enforcing a system security policy and then verifying whether the resulting policy satisfies the security objectives. Because policy configurations in contemporary systems are highly complex, policy designers and security administrators need an intuitive, visual policy analysis mechanism to support both steps. In this paper, we present a graph-based policy analysis methodology that identifies TCBs while taking the different applications and services of a system into account. By identifying information flows that violate the integrity protection of a TCB, we also propose resolving principles, supported by our graph-based policy analysis tool.
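
The following is an added example, not the paper's tool or code, of the core analysis the abstract describes: build an information-flow graph from SELinux-style type-enforcement allow rules, mark a set of TCB domains, and search for flows from untrusted domains into the TCB. Any such flow is an integrity violation in the Biba sense (low-integrity data reaching a high-integrity subject). Everything in it is hypothetical: the simplified rule syntax, the partition of permissions into read-like and write-like, and the constructed sample policy with its type names.

```python
"""Integrity-violating information-flow search over a type-enforcement policy.

Added example; assumptions: simplified SELinux-like 'allow' syntax, a
constructed toy policy with hypothetical type names, and a coarse
read/write split of permissions. Not the paper's own tool.
"""
import re
from collections import deque

# Constructed toy policy (hypothetical types), modelled on SELinux allow rules.
SAMPLE_POLICY = """
allow init_t init_exec_t : file { read execute };
allow init_t etc_t : file { read write };
allow sshd_t etc_t : file { read };
allow httpd_t httpd_log_t : file { write append };
allow httpd_t httpd_tmp_t : file { read write create };
allow logrotate_t httpd_log_t : file { read };
allow logrotate_t etc_t : file { write };
allow user_t user_home_t : file { read write };
"""

# Coarse classification of permissions by flow direction (assumption).
WRITE_PERMS = {"write", "append", "create", "setattr", "unlink", "rename"}
READ_PERMS = {"read", "getattr", "execute", "ioctl"}

RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{([^}]*)\}\s*;")


def build_flow_graph(policy_text):
    """Translate allow rules into information-flow edges.

    write-like permission: subject -> object (the subject taints the object)
    read-like permission:  object -> subject (the object taints the subject)
    Returns {node: set(successor nodes)}.
    """
    graph = {}
    for src, tgt, _cls, perms in RULE_RE.findall(policy_text):
        perms = set(perms.split())
        graph.setdefault(src, set())
        graph.setdefault(tgt, set())
        if perms & WRITE_PERMS:
            graph[src].add(tgt)
        if perms & READ_PERMS:
            graph[tgt].add(src)
    return graph


def domains_in(policy_text):
    """Subjects are the source types of allow rules."""
    return {src for src, _t, _c, _p in RULE_RE.findall(policy_text)}


def shortest_flow(graph, source, sink):
    """BFS for a shortest flow path source -> ... -> sink, or None."""
    if source not in graph:
        return None
    prev = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == sink:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def integrity_violations(policy_text, tcb, untrusted):
    """Return {(untrusted domain, TCB domain): shortest flow path} for every
    pair with a path. Each entry is an integrity violation: data controlled
    by an untrusted subject can reach a TCB subject."""
    graph = build_flow_graph(policy_text)
    found = {}
    for u in sorted(untrusted):
        for t in sorted(tcb):
            path = shortest_flow(graph, u, t)
            if path:
                found[(u, t)] = path
    return found


def resolution_candidates(policy_text, path, tcb):
    """Two ways to resolve one violating path: pull the intermediate
    subjects into the TCB (and then re-check their inputs), or cut one of
    the path's edges by removing or narrowing the rule that creates it."""
    subjects = domains_in(policy_text)
    expand = [n for n in path[1:-1] if n in subjects and n not in tcb]
    return {"expand_tcb": expand, "cut_edges": list(zip(path, path[1:]))}


if __name__ == "__main__":
    tcb = {"init_t", "sshd_t"}
    found = integrity_violations(SAMPLE_POLICY, tcb, untrusted={"httpd_t", "user_t"})
    for (u, t), path in found.items():
        print(f"{u} -> {t}: " + " -> ".join(path))
        print("  resolve:", resolution_candidates(SAMPLE_POLICY, path, tcb))
```

Run as a script, it reports that httpd_t reaches both init_t and sshd_t through httpd_log_t, logrotate_t and etc_t, while user_t reaches neither. The candidate resolutions for that path are to extend the TCB with logrotate_t (which then needs its own read of httpd_log_t examined) or to cut an edge on the path, for instance logrotate_t's write to etc_t. On a real policy the read/write split would follow the object class's access vectors rather than the coarse sets used here.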
