On the security of SELinux with a simplified policy

Katsuya Sueyasu, Toshihiro Tabata, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Security-Enhanced Linux (SELinux) is a secure operating system. SELinux implements some features in order to perform strong access control. However, the configuration of SELinux access control becomes very complex. Such complexity may cause misconfiguration, which can harm the strong access control. SELinux Policy Editor is a configuration tool for SELinux, developed to reduce this complexity and the risk of misconfiguration. As part of its configuration support, the tool simplifies the configuration of SELinux by integrating configuration items for the complicated access control policy of SELinux. Although macros that integrate permissions can already be defined and used in the SELinux access control policy, the integrated permissions of SELinux Policy Editor and the macros differ fundamentally in whether their use is mandatory or discretionary. In this paper, we examine the effects of the simplification by SELinux Policy Editor on an example access control policy and evaluate the security of access control based on the simplified policy for Apache, a web server.

Original language: English
Title of host publication: Proceedings of the IASTED International Conference on Communication, Network, and Information Security
Editors: M.H. Hamza
Pages: 79-84
Number of pages: 6
Publication status: Published - Dec 1 2003
Event: Proceedings of the IASTED International Conference on Communication, Network, and Information Security - New York, NY., United States
Duration: Dec 10 2003 - Dec 12 2003

Publication series

Name: Proceedings of the IASTED International Conference on Communication, Network, and Information Security

Other

Other: Proceedings of the IASTED International Conference on Communication, Network, and Information Security
Country: United States
City: New York, NY.
Period: 12/10/03 - 12/12/03

All Science Journal Classification (ASJC) codes

  • Engineering (all)
