{"title":"安全策略的语义远程认证","authors":"Qian Zhang, Yeping He, Ce Meng","doi":"10.1109/ICISA.2010.5480265","DOIUrl":null,"url":null,"abstract":"In the software environment with security policy enforced, the behavior of application depends on not only its binary code, but also the enforcing security policy. Therefore, remote attestation for security policy is as important as that for binary code. However, since the specialties of security policy, which include more mutable and mixture of semantics, it is not suitable to use integrity measurement as the evidence to verify trustworthy of security policy. In this paper, we propose a novel semantic approach to remote attest security policy. This approach utilizes policy analysis technique to extract semantics from security policy, and utilizes logical programming to query required semantics from the mixture of semantics in security policy. We design and implement this approach on SELinux policy in this paper and discuss the security of this implementation on the basis of verified trust of TCB.","PeriodicalId":313762,"journal":{"name":"2010 International Conference on Information Science and Applications","volume":"428 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Semantic Remote Attestation for Security Policy\",\"authors\":\"Qian Zhang, Yeping He, Ce Meng\",\"doi\":\"10.1109/ICISA.2010.5480265\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the software environment with security policy enforced, the behavior of application depends on not only its binary code, but also the enforcing security policy. Therefore, remote attestation for security policy is as important as that for binary code. However, since the specialties of security policy, which include more mutable and mixture of semantics, it is not suitable to use integrity measurement as the evidence to verify trustworthy of security policy. In this paper, we propose a novel semantic approach to remote attest security policy. This approach utilizes policy analysis technique to extract semantics from security policy, and utilizes logical programming to query required semantics from the mixture of semantics in security policy. We design and implement this approach on SELinux policy in this paper and discuss the security of this implementation on the basis of verified trust of TCB.\",\"PeriodicalId\":313762,\"journal\":{\"name\":\"2010 International Conference on Information Science and Applications\",\"volume\":\"428 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Information Science and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICISA.2010.5480265\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Information Science and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICISA.2010.5480265","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In the software environment with security policy enforced, the behavior of application depends on not only its binary code, but also the enforcing security policy. Therefore, remote attestation for security policy is as important as that for binary code. However, since the specialties of security policy, which include more mutable and mixture of semantics, it is not suitable to use integrity measurement as the evidence to verify trustworthy of security policy. In this paper, we propose a novel semantic approach to remote attest security policy. This approach utilizes policy analysis technique to extract semantics from security policy, and utilizes logical programming to query required semantics from the mixture of semantics in security policy. We design and implement this approach on SELinux policy in this paper and discuss the security of this implementation on the basis of verified trust of TCB.