TY - GEN
T1 - SEEdit
T2 - 23rd Large Installation System Administration Conference, LISA 2009
AU - Nakamura, Yuichi
AU - Sameshima, Yoshiki
AU - Tabata, Toshihiro
N1 - Publisher Copyright: © LISA 2009.
PY - 2009
Y1 - 2009
AB - Security policy for SELinux is usually created by customizing a sample policy called refpolicy. However, describing and verifying security policy configurations is difficult because in refpolicy, there are more than 100,000 lines of configurations, thousands of elements such as permissions, macros and labels. The memory footprint of refpolicy, which is around 5MB, is also a problem for resource-constrained devices. We propose a security policy configuration system SEEdit which facilitates creating security policy by a higher-level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes label configurations. SPDL tools generate security policy configurations from access logs and tool user's knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semiautomated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500KB.
KW - Configuration
KW - SELinux
KW - Security
KW - Security policy
UR - http://www.scopus.com/inward/record.url?scp=84860508608&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84860508608&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84860508608
T3 - Proceedings of the 23rd Large Installation System Administration Conference, LISA 2009
SP - 107
EP - 117
BT - Proceedings of the 23rd Large Installation System Administration Conference, LISA 2009
PB - USENIX Association
Y2 - 1 November 2009 through 6 November 2009
ER -