{"title":"集成访问权限:通过文件访问矢量权限集成实现安全、简单的策略描述","authors":"T. Yamaguchi, T. Tabata, Y. Nakamura","doi":"10.1109/ISA.2008.21","DOIUrl":null,"url":null,"abstract":"In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission\",\"authors\":\"T. Yamaguchi, T. Tabata, Y. Nakamura\",\"doi\":\"10.1109/ISA.2008.21\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.\",\"PeriodicalId\":212375,\"journal\":{\"name\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISA.2008.21\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
在普及计算中,嵌入式系统和企业系统都有可能受到黑客攻击,包括零日攻击。特别是,在黑客获得根权限的情况下,损害是显著的。为了解决这个问题,Security-Enhanced Linux (SELinux)非常有用。但是,SELinux有一个问题,由于过于细粒度的访问控制,配置非常复杂。作为解决这个问题的方法,SELinux策略编辑器(SEEdit)已经被开发出来;这是一个简化SELinux配置的工具。SEEdit使用SPDL (Simplified Policy Description Language)作为策略描述语言。在SPDL中,我们定义了新的访问权限,它集成了SELinux中使用的访问向量权限(avp),以在安全策略中提供访问权限。因此,我们提出了一组访问权限,称为集成访问权限(IAPs),它可以在SELinux中减少配置工作负载和保证安全性之间实现良好的平衡。此外,我们评估了我们的iap并证明它们几乎是安全的。
Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission
In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
