Verifying information flow goals in Security-Enhanced Linux | Zendy

Joshua D. Guttman | Zendy; Amy L. Herzog | Zendy; John D. Ramsdell | Zendy; Clement William Skorupka | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

Verifying information flow goals in Security-Enhanced Linux

Author(s) -

Joshua D. Guttman,

Amy L. Herzog,

John D. Ramsdell,

Clement William Skorupka

Publication year - 2005

Publication title -

journal of computer security

Language(s) - English

Resource type - Journals

SCImago Journal Rank - 0.201

H-Index - 56

eISSN - 1875-8924

pISSN - 0926-227X

DOI - 10.3233/jcs-2005-13105

Subject(s) - computer science , information flow , operating system , information security , computer security , programming language , software engineering , philosophy , linguistics

In this paper, we present a systematic way to determine the information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux. A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an SELinux configuration, provides our framework. Information flow security goal statements expressed in linear temporal logic provide a clear description of the objectives that SELinux is intended to achieve. We use model checking to determine whether security goals hold in a given system. These formal models combined with appropriate algorithms have led to automated tools for the verification of security properties in an SELinux system. Our approach has been used in other security management contexts over the past decade, under the name rigorous automated security management.

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research