Author:
Peter Amthor
Affiliation:
Ilmenau University of Technology, Germany
Keyword(s):
Security Engineering, Security Policies, Access Control Models, Operating System Security, SELinux.
Related Ontology Subjects/Areas/Topics:
Access Control; Data Engineering; Databases and Data Security; Formal Methods for Security; Information and Systems Security; Internet Technology; Security and Privacy Policies; Security Engineering; Security in Information Systems; Web Information Systems and Technologies
Abstract:
Modern operating systems increasingly rely on enforcing mandatory access control through the use of security
policies. Given the critical property of policy correctness in such systems, formal methods and models are
applied for both specification and verification of these policies. Due to the heterogeneity of their respective
semantics, this is an intricate and error-prone engineering process. However, diverse access control systems
on the one hand and diverse formal criteria of correctness on the other hand have so far impeded a unifying
framework for this task.
This paper presents a step towards this goal. We propose to leverage core-based model engineering, a uniform
approach to security policy formalization, and refine it by adding typical semantic abstractions of contemporary
policy-controlled operating systems. This results in a simple, yet highly flexible framework for formalization,
specification and analysis of operating system security policies. We substantiate this claim by applying
our method to the SELinux system and practically demonstrate how to map policy semantics to an instance of
the model.