SELinux Symposium Notes: Session 6

[Editor’s note: Is he seriously still typing up the notes he scribbled down during the talks at the SELinux Symposium earlier this month?! Doesn’t he know they’re not even necessarily reliable and shouldn’t be used for anything more than recreational reading?]

Experience Implementing a Higher-Level Policy Language for SELinux (Chad Sellers et al., Tresys Technology)

SELinux has MAC foundation; HLL represents different paradigms, reaching new users, new features
CDS describes information flows, targeted at app developers — compiler & IDE
domains — active entities/security perimeter; shared resources — passive, for domain interaction
access — r/w/rw b/t domain & shared objects
decomposition of domains for better least privilege
challenges: concepts (idealized) v. SELinux details, must integrate w/ base policy [CDS only for cross-domain, not the whole thing]
e.g. IPC not labeled a priori but by creator, same label = equivalent — control resources share label w/ domain and are individually unique
SELinux has many ways to label files, but too complex for HLL; but paths aren’t enough
idea: paths label directories only, sidestepping many issues (leakage, existence, etc.)
hooking into base policy: wrap resource in “baseresource” to define r/w access to it; singleton (likewise for basedomain)
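
An added illustration of the domain / shared-resource model in the notes above (not CDS syntax and not Tresys code): given r/w/rw access between domains and shared resources, derive which domains can pass information to which, directly or through intermediaries. The domain and resource names, the tuple format and the function names are all assumptions made up for this sketch.

```python
# Added illustration: a toy model of domains and shared resources, not CDS syntax.
from collections import defaultdict

# Constructed sample policy: (domain, shared resource, access), access is r, w or rw.
SAMPLE_ACCESS = [
    ("intake", "spool", "w"),
    ("filter", "spool", "r"),
    ("filter", "outbox", "w"),
    ("sender", "outbox", "r"),
    ("sender", "status", "rw"),
    ("intake", "status", "r"),
]

def direct_flows(access):
    """Return {(src, dst, resource)}: src writes a resource that dst reads."""
    writers, readers = defaultdict(set), defaultdict(set)
    for domain, resource, mode in access:
        if mode not in ("r", "w", "rw"):
            raise ValueError(f"unknown access mode: {mode!r}")
        if "w" in mode:
            writers[resource].add(domain)
        if "r" in mode:
            readers[resource].add(domain)
    return {(s, d, res) for res in writers
            for s in writers[res] for d in readers[res] if s != d}

def reachable(access):
    """Transitive closure: map each domain to every domain its data can reach."""
    edges = defaultdict(set)
    for src, dst, _ in direct_flows(access):
        edges[src].add(dst)
    closure = {}
    for start in list(edges):
        seen, stack = set(), [start]
        while stack:
            for nxt in edges.get(stack.pop(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        closure[start] = seen
    return closure

def violations(access, forbidden):
    """Forbidden (src, dst) pairs that the access rules nevertheless allow."""
    flows = reachable(access)
    return sorted((s, d) for s, d in forbidden if d in flows.get(s, set()))

if __name__ == "__main__":
    print(violations(SAMPLE_ACCESS, [("sender", "filter"), ("intake", "sender")]))
```

In the sample, the shared "status" resource that sender writes and intake reads closes a loop, so data from sender can reach filter even though no rule connects them directly.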

SENG: An Enhanced Policy Language for SELinux (Paul Kuliniewicz, Purdue University)

[Editor's note: Sorry, no notes for this one. I must not have been paying attention.]

Guided Policy Generation for Application Authors (Brian Sniffen et al., MITRE Corporation)

policy creation/management tools, looking at information flow goals
guided automation, least privilege in use, not total capabilities of app
idea: find patterns in program behavior, ask writer if things look reasonable
polgen specification language to describe architecture of app
suggest additions from execution traces — limits to how app will be used
can recognize ~12 patterns of operation
