Filters








251 Hits in 4.7 sec

Review of Existing Analysis Tools for SELinux Security Policies: Challenges and a Proposed Solution [chapter]

Amir Eaman, Bahman Sistany, Amy Felty
2017 Lecture Notes in Business Information Processing  
There are many existing analysis tools for modeling and analyzing SELinux policies with the goal of answering specific safety and functionality questions.  ...  In this paper, we identify and highlight current gaps in these existing tools for SELinux policy analysis, and propose new tools and technologies with the potential to lead to significant improvements.  ...  Financial support from the Network of Centres of Excellence (MITACS) and Irdeto Canada is gratefully acknowledged.  ... 
doi:10.1007/978-3-319-59041-7_7 fatcat:5bbqdqjasrg7jn4qq2rhj577iy

Pastures: Towards Usable Security Policy Engineering

Sergey Bratus, Alex Ferguson, Doug McIlroy, Sean Smith
2007 The Second International Conference on Availability, Reliability and Security (ARES'07)  
by complicated analysis tools.  ...  We argue that it has a number of properties that are better from the usability point of view. We implemented this approach as a patch for the 2.6 Linux kernel.  ...  Thanks We would like to thank George Bakos for many useful discussions. This research program is a part of the Institute for Security  ... 
doi:10.1109/ares.2007.114 dblp:conf/IEEEares/BratusFMS07 fatcat:qrk6xdxffzhzdhzrm3iuboz6um

Take Only What You Need: Leveraging Mandatory Access Control Policy to Reduce Provenance Storage Costs

Adam Bates, Kevin R. B. Butler, Thomas Moyer
2015 Workshop on the Theory and Practice of Provenance  
In this work, we propose a novel approach to policy-based provenance pruning -leverage the confinement properties provided by Mandatory Access Control (MAC) systems in order to identify subdomains of system  ...  We go on to identify the design challenges in implementing such a mechanism.  ...  Acknowledgements We would like to thank Rob Cunningham, Alin Dobra, Patrick McDaniel, Daniela Oliveira, Nabil Schear, and Patrick Traynor for their valuable comments and insight, as well as Devin Pohly  ... 
dblp:conf/tapp/BatesBM15 fatcat:opxr3bhkwzfuplgsjtfxfs2viy

EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning

Ruowen Wang, William Enck, Douglas S. Reeves, Xinwen Zhang, Peng Ning, Dingbang Xu, Wu Zhou, Ahmed M. Azab
2015 USENIX Security Symposium  
In this paper, we propose EASE-Android, the first SEAndroid analytic platform for automatic policy analysis and refinement.  ...  Given an existing policy and a small set of known access patterns, EASEAndroid continually expands the knowledge base as new audit logs become available, producing suggestions for policy refinement.  ...  We also like to thank the paper shepherd and anonymous reviewers for their support to publish this paper. This work is done in Samsung Research America.  ... 
dblp:conf/uss/WangERZNXZA15 fatcat:ut3c4bn6nzgwdpgowdwntaj6tu

A Set of Policies and Guidelines for Deploying Safer VoIP Solutions

Amelia Araneo, School of Computer Science, Central University of Venezuela, Los Chaguaramos, Caracas, Venezuela, Eric Gamess, Dedaniel Urribarri
2018 Journal of clean energy technologies  
We also establish a set of policies and guidelines focused on the aforementioned architectures, in order to mitigate security threads and provide more effective solutions for existing vulnerabilities in  ...  VoIP is based on existing layers and protocols and therefore inherits their security issues. In relation to signalization, different protocols have been proposed for VoIP.  ...  For each of the scenario, we propose a set of policies and guidelines to mitigate security issues.  ... 
doi:10.7763/ijcte.2018.v10.1197 fatcat:geml5n3rb5fg3mrfjlwgxko3nu

Policy models to protect resource retrieval

Hayawardh Vijayakumar, Xinyang Ge, Trent Jaeger
2014 Proceedings of the 19th ACM symposium on Access control models and technologies - SACMAT '14  
In this paper, we define a novel policy model for describing when resource retrievals are unsafe, so they can be blocked.  ...  By making adversary models and the adversary accessibility of all aspects of resource retrieval explicit, we can block resource access attacks system-wide.  ...  However, using a capability system presents a challenge to programmers because they must reason about both the functionality and security of their programs concurrently.  ... 
doi:10.1145/2613087.2613111 dblp:conf/sacmat/VijayakumarGJ14 fatcat:7zgjk2qz3ncgvp2zzkb3fbovw4

Gran: Model Checking Grsecurity RBAC Policies

Michele Bugliesi, Stefano Calzavara, Riccardo Focardi, Marco Squarcina
2012 2012 IEEE 25th Computer Security Foundations Symposium  
Given the growing complexity of policy languages and access control systems, verifying that such systems enforce the desired invariants is recognized as a security problem of crucial importance.  ...  We develop a formal semantics for grsecurity's RBAC system, based on a labelled transition system, and a sound abstraction of that semantics providing a bounded approximation, amenable to model checking  ...  Security analysis Policies in grsecurity are much more concise and readable than policies for other access control systems as, e.g., SELinux [14] .  ... 
doi:10.1109/csf.2012.29 dblp:conf/csfw/BugliesiCFS12 fatcat:nsonkssr3nh4nbsk7rdmftpr7m

AN APPROACH TO IMPROVE ISOLATION AND SECURITY IN CONTAINER BASED CLOUD SYSTEMS

Salini Suresh
2018 International Journal of Advanced Research in Computer Science  
This paper investigates various security issues in container based systems and proposes a solution for securing the container using a novel access control model.  ...  Containerization enables the creation of isolated, multiple user-space instances and effectual consumption of resources and rapid provisioning.  ...  The most prevalent MAC technologies for Linux are SELinux and AppArmor and are realized using Linux Security Modules (LSM) framework. a) SELinux [14] SELinux administers policy-based security controls  ... 
doi:10.26483/ijarcs.v9i2.5733 fatcat:ipw7idhedrduromtwgwmlpt3f4

Designing System-Level Defenses against Cellphone Malware

Liang Xie, Xinwen Zhang, Ashwin Chaugule, Trent Jaeger, Sencun Zhu
2009 2009 28th IEEE International Symposium on Reliable Distributed Systems  
Specifically, we propose a mandatory access control-based defense to blocking malware that launch attacks through creating new processes for execution.  ...  To combat more elaborated malware which redirect program flows of normal applications to execute malicious code within a legitimate security domain, we further propose using artificial intelligence (AI  ...  ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their valuable comments. This work was supported in part by grants NSF-0643906 and NSF-0721579.  ... 
doi:10.1109/srds.2009.21 dblp:conf/srds/XieZCJZ09 fatcat:qjabllpaxrathbpyqwwy7eacsm

Verification and change-impact analysis of access-control policies

Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz
2005 Proceedings of the 27th international conference on Software engineering - ICSE '05  
This paper presents Margrave, a software suite for analyzing role-based access-control policies.  ...  It also provides semantic differencing information between versions of policies. We have implemented these techniques and applied them to policies from a working software application.  ...  We thank Robin Fairbairns for the moreverb package for L A T E X.  ... 
doi:10.1145/1062455.1062502 dblp:conf/icse/FislerKMT05 fatcat:heqf7arsgbcw5b6ol4p3snbxrm

Defending Users against Smartphone Apps: Techniques and Future Directions [chapter]

William Enck
2011 Lecture Notes in Computer Science  
In this paper, we discuss the current state of smartphone research, including e↵orts in designing new OS protection mechanisms, as well as performing security analysis of real apps.  ...  Smartphone security research has become very popular in response to the rapid, worldwide adoption of new platforms such as Android and iOS.  ...  [25] propose ded to reverse Android applications to their original Java form, for which sophisticated static program analysis tools already exist.  ... 
doi:10.1007/978-3-642-25560-1_3 fatcat:q6xhlwtow5geplbbx5dlgef6pi

Thin Hypervisor-Based User Authentication Mechanism for Linux Security Modules

Bin YAN, Pei ZHAO, Heng-tai MA, Jian ZHAI
2017 DEStech Transactions on Computer Science and Engineering  
LSM (Linux Security Modules) has been developed as a lightweight, general purpose, access control framework for the mainstream Linux kernel, many tools employ LSM to implement mandatory access control  ...  In this paper, a practical, efficient, secure mechanism, namely RTA (Real-Time Authentication) is proposed to add real-time user authentication support for traditional LSM.  ...  , and Huan Liu for discussing the design of the architecture of EWL.  ... 
doi:10.12783/dtcse/cst2017/12515 fatcat:nbf33tgzvneblg4ulton6bjscq

Google Android: A Comprehensive Security Assessment

A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, C. Glezer
2010 IEEE Security and Privacy  
a proper SELinux policy.  ...  For example, we ported a SELinux into Android and activated a security policy for enhanc-ing the protection of system processes. 10 Moreover, we enabled a NetFilter-based firewall that users can easily  ...  Asaf Shabtai, CISSP, is a PhD student at Ben-Gurion  ... 
doi:10.1109/msp.2010.2 fatcat:xwh3y4lrxzhytau6zuu5nywqoe

The Confinement Problem: 40 Years Later

Alex Crowell, Beng Heng Ng, Earlence Fernandes, Atul Prakash
2013 Journal of Information Processing Systems  
While common issues exist across all three domains, unique challenges arise for each of them, which we discuss.  ...  The evolution of technologies from traditional operating systems to mobile and cloud computing brings about new security challenges. It is perhaps timely that we review the work that has been done.  ...  In these ways, SELinux does not serve as a practical information confinement solution for an average user.  ... 
doi:10.3745/jips.2013.9.2.189 fatcat:4zcwhg5divefrn56wjfgjg7ake

A Study of Application Sandbox Policies in Linux

Trevor Dunlap, William Enck, Bradley Reaves
2022 Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies  
This paper provides the first analysis of sandbox policies defined for Flatpak and Snap applications, covering 283 applications contained in both platforms.  ...  When studying the set of matching applications that appear in both Flatpak and Snap app stores, we frequently found policy mismatches: e.g., the Flatpak version has a broad privilege (e.g., file access  ...  Any findings and opinions expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies.  ... 
doi:10.1145/3532105.3535016 fatcat:3c2yjnq53ndqxhgyhjru6bvn5q
« Previous Showing results 1 — 15 out of 251 results