【2021.06.27】Analyzing Integrity Protection in the SELinux Example Policy
Time
2021.06.27
Summary
1.In this paper, we present an approach for analyzing the integrity protection in the SELinux example policy.
2.provide an access control model to express site security goals and resolve them against the SELinux policy.
3.The LSM framework is designed to be agnostic to the MAC approach
Structure
Research Objective
Problem Statement
Previous Method(s)
Method(s)
Evaluation
Conclusion
Notes
1.While SELinux supports a variety of access control pol- icy models, the main focus of SELinux policy developmenthasbeen anextendedType Enforcement(TE) model
Words
Terminology
1.constrained data items(CDIs)
2.transformation procedures (TPs)
3.unconstrained data items (UDIs)
4.integrity verificationprocedures(IVPs)
5.trusted computing base (TCB)
