牧场:迈向可用的安全策略工程

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.114

S. Bratus, A. Ferguson, D. McIlroy, Sean W. Smith

{"title":"牧场:迈向可用的安全策略工程","authors":"S. Bratus, A. Ferguson, D. McIlroy, Sean W. Smith","doi":"10.1109/ARES.2007.114","DOIUrl":null,"url":null,"abstract":"Whether a particular computing installation meets its security goals depends on whether the administrators can create a policy that expresses these goals - security in practice requires effective policy engineering. We have found that the reigning SELinux model fares poorly in this regard, partly because typical isolation goals are not directly stated but instead are properties derivable from the type definitions by complicated analysis tools. Instead, we are experimenting with a security-policy approach based on copy-on-write \"pastures\", in which the sharing of resources between pastures is the fundamental security policy primitive. We argue that it has a number of properties that are better from the usability point of view. We implemented this approach as a patch for the 2.6 Linux kernel","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Pastures: Towards Usable Security Policy Engineering\",\"authors\":\"S. Bratus, A. Ferguson, D. McIlroy, Sean W. Smith\",\"doi\":\"10.1109/ARES.2007.114\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Whether a particular computing installation meets its security goals depends on whether the administrators can create a policy that expresses these goals - security in practice requires effective policy engineering. We have found that the reigning SELinux model fares poorly in this regard, partly because typical isolation goals are not directly stated but instead are properties derivable from the type definitions by complicated analysis tools. Instead, we are experimenting with a security-policy approach based on copy-on-write \\\"pastures\\\", in which the sharing of resources between pastures is the fundamental security policy primitive. We argue that it has a number of properties that are better from the usability point of view. We implemented this approach as a patch for the 2.6 Linux kernel\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.114\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

特定的计算安装是否满足其安全目标取决于管理员是否可以创建表达这些目标的策略—实践中的安全性需要有效的策略工程。我们发现，当前的SELinux模型在这方面表现不佳，部分原因是典型的隔离目标没有直接声明，而是通过复杂的分析工具从类型定义中派生出属性。相反，我们正在试验一种基于写时复制(copy-on-write)“牧场”的安全策略方法，其中牧场之间的资源共享是基本的安全策略原语。我们认为，从可用性的角度来看，它有许多更好的属性。我们将这种方法作为2.6 Linux内核的补丁实现

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Pastures: Towards Usable Security Policy Engineering

Whether a particular computing installation meets its security goals depends on whether the administrators can create a policy that expresses these goals - security in practice requires effective policy engineering. We have found that the reigning SELinux model fares poorly in this regard, partly because typical isolation goals are not directly stated but instead are properties derivable from the type definitions by complicated analysis tools. Instead, we are experimenting with a security-policy approach based on copy-on-write "pastures", in which the sharing of resources between pastures is the fundamental security policy primitive. We argue that it has a number of properties that are better from the usability point of view. We implemented this approach as a patch for the 2.6 Linux kernel

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量