A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux

Peter Amthor

2015

Abstract

Modern operating systems increasingly rely on enforcing mandatory access control through the use of security policies. Given the critical property of policy correctness in such systems, formal methods and models are applied for both specification and verification of these policies. Due to the heterogeneity of their respective semantics, this is an intricate and error-prone engineering process. However, diverse access control systems on the one hand and diverse formal criteria of correctness on the other hand have so far impeded a unifying framework for this task. This paper presents a step towards this goal. We propose to leverage core-based model engineering, a uniform approach to security policy formalization, and refine it by adding typical semantic abstractions of contemporary policy-controlled operating systems. This results in a simple, yet highly flexible framework for formalization, specification and analysis of operating system security policies. We substantiate this claim by applying our method to the SELinux system and practically demonstrate how to map policy semantics to an instance of the model.

Paper Citation


in Harvard Style

Amthor P. (2015). A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015), ISBN 978-989-758-117-5, pages 88-99. DOI: 10.5220/0005551000880099

in Bibtex Style

@conference{secrypt15,
author={Peter Amthor},
title={A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={88-99},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005551000880099},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux
SN - 978-989-758-117-5
AU - Amthor P.
PY - 2015
SP - 88
EP - 99
DO - 10.5220/0005551000880099