Towards a Uniform Framework for Dynamic Analysis of Access Control Models
Security-critical system requirements are increasingly enforced through
mandatory access control systems. These systems are governed by security
policies, which are highly sensitive system components; this makes formally
verified security properties regarding policy correctness all the more
important. For the class of safety properties, which address dynamic right
proliferation (whether a subject can ever acquire a right it does not hold
initially), a number of established and tested formal analysis methods and
tools already exist. Unfortunately, these methods must be redesigned from
scratch for each particular policy, across a broad range of application
domains.
In this paper, we seek to mitigate this problem by proposing a uniform formal
framework that can be tailored into a safety analysis algorithm for a specific
application domain. We present a practical workflow, guided by model-based
knowledge, that produces a meaningful formal safety definition together with
an algorithm that heuristically analyzes that safety. Our method is
demonstrated on security policies for the SELinux operating system.
Keywords: Security engineering, security policies, access control systems,
access control models, safety, heuristic analysis, SELinux
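As an added illustration of the safety question the abstract refers to, not code from the paper or from its framework, the following toy model asks whether a process that starts in one SELinux domain can ever acquire a given permission on a target type by chaining domain transitions. The rule set, the type names (modelled on reference-policy naming) and the search are constructed for this example; the paper's own algorithm is heuristic, whereas this toy performs an exhaustive breadth-first search over domain transitions, which is only feasible because the model ignores object creation, relabeling and the other features that make the general safety problem hard.

```python
"""Toy safety (right-proliferation) check over a simplified SELinux-style
type-enforcement model. Constructed illustration, not the paper's framework."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Allow:
    source: str        # subject domain
    target: str        # object type (or target domain for class "process")
    cls: str           # object class, e.g. "file" or "process"
    perms: frozenset   # permissions granted


@dataclass(frozen=True)
class TypeTransition:
    source: str   # domain performing the execve
    entry: str    # type of the executed (entrypoint) file
    new: str      # domain the process ends up in


@dataclass
class Policy:
    allows: list
    transitions: list

    def permits(self, source, target, cls, perm):
        return any(a.source == source and a.target == target
                   and a.cls == cls and perm in a.perms for a in self.allows)

    def successors(self, domain):
        """Domains reachable in one execve. As in SELinux, a transition only
        takes effect if all three supporting allow rules are present."""
        for t in self.transitions:
            if t.source != domain:
                continue
            if (self.permits(domain, t.entry, "file", "execute")
                    and self.permits(domain, t.new, "process", "transition")
                    and self.permits(t.new, t.entry, "file", "entrypoint")):
                yield t.new, t


def reachable_domains(policy, start):
    """BFS over the domain-transition graph; maps each reachable domain to
    (predecessor, transition) so a witness chain can be rebuilt."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        d = queue.popleft()
        for nxt, via in policy.successors(d):
            if nxt not in parents:
                parents[nxt] = (d, via)
                queue.append(nxt)
    return parents


def is_unsafe(policy, start, target, cls, perm):
    """Return the chain of domains through which a process starting in `start`
    can come to hold `perm` on (target, cls), or None if it never can.
    A non-None result is a witness that the safety property is violated."""
    parents = reachable_domains(policy, start)
    for d in parents:
        if policy.permits(d, target, cls, perm):
            chain = [d]
            while parents[chain[-1]] is not None:
                chain.append(parents[chain[-1]][0])
            return list(reversed(chain))
    return None


def example_policy():
    """Constructed policy fragment (hypothetical rules in reference-policy style):
    user_t may execute passwd_exec_t and transition into passwd_t, which may
    write shadow_t. user_t itself never touches shadow_t directly."""
    allows = [
        Allow("user_t", "user_home_t", "file", frozenset({"read", "write"})),
        Allow("user_t", "passwd_exec_t", "file", frozenset({"execute"})),
        Allow("user_t", "passwd_t", "process", frozenset({"transition"})),
        Allow("passwd_t", "passwd_exec_t", "file", frozenset({"entrypoint"})),
        Allow("passwd_t", "shadow_t", "file", frozenset({"read", "write"})),
    ]
    transitions = [TypeTransition("user_t", "passwd_exec_t", "passwd_t")]
    return Policy(allows, transitions)


def hardened_policy():
    """Same fragment with the process:transition rule removed: the execve no
    longer changes domain, so the write right on shadow_t cannot proliferate."""
    base = example_policy()
    allows = [a for a in base.allows
              if not (a.cls == "process" and "transition" in a.perms)]
    return Policy(allows, base.transitions)


if __name__ == "__main__":
    print("witness:", is_unsafe(example_policy(), "user_t", "shadow_t", "file", "write"))
    print("hardened:", is_unsafe(hardened_policy(), "user_t", "shadow_t", "file", "write"))
```

The witness for the first policy is the chain `user_t -> passwd_t`: the right on `shadow_t` is never granted to `user_t` directly, yet a process started there can obtain it, which is exactly the dynamic proliferation a safety definition has to capture. Dropping one of the three rules SELinux requires for a domain transition breaks the chain and the query returns None.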