【2021.06.24】SENG: An Enhanced Policy Language for SELinux
Time
2021.06.24
Summary
Structure
Research Objective
SELinux policy language
Problem Statement
1. The policy for a typical Linux system contains a large number of distinct types, so a realistic policy will be large and unwieldy.
2. Most of the statements in the current SELinux policy language operate directly on features of the underlying access control model.
3. One of the major factors preventing widespread adoption of SELinux is the perceived difficulty of writing policies.
Previous Method(s)
1. Manage this complexity through preprocessor macros, using them to encapsulate portions of the policy. (Drawback: these macros prevent tools from analyzing the policy, which hinders later improvement.)
Method(s)
1. Introduce SENG, an experimental alternative language for writing SELinux policies.
Evaluation
Conclusion
Notes
Words
1. naming conventions
Terminology
1. The m4 macro processor is used to express the intended policy more succinctly, hiding implementation details and providing higher-level abstractions over the rules in the underlying language. (Drawback: the pervasive use of m4 inhibits the ability of automated tools to analyze a policy.)
Sentence
1. The SELinux reference policy [4] splits a policy into individual modules.