このエントリーをはてなブックマークに追加
ID 60841
FullText URL
LISA09.pdf 212 KB
Author
Nakamura, Yuichi Hitachi Software Engineering Co., Ltd.
Sameshima, Yoshiki Hitachi Software Engineering Co., Ltd.
Tabata, Toshihiro Okayama University ORCID Kaken ID publons researchmap
Abstract
Security policy for SELinux is usually created by customizing a sample policy called refpolicy. However, describing and verifying security policy configurations is difficult because in refpolicy, there are more than 100,000 lines of configurations, thousands of elements such as permissions, macros and labels. The memory footprint of refpolicy which is around 5MB, is also a problem for resource constrained devices. We propose a security policy configuration system SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes label configurations. SPDL tools generate security policy configurations from access logs and tool user’s knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semiautomated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and thememory footprint in the embedded system is less than 500KB.
Keywords
security
security policy
configuration
SELinux
Published Date
2009
Publication Title
Proceedings of LISA: Large Installation System Administration Conference
Volume
volume23
Publisher
USENIX Association
Start Page
107
End Page
117
ISBN
9781931971713
Content Type
Conference Paper
Official Url
https://www.usenix.org/conference/lisa-09/seedit-selinux-security-policy-configuration-system-higher-level-language
language
英語
Copyright Holders
© Authors
File Version
publisher