| 基于有色Petri网的SELinux安全策略自动化分析 |
| |
| 作者姓名: | 郭涛 翟高寿 |
| |
| 作者单位: | 北京交通大学计算机与信息技术学院,北京100044 |
| |
| 基金项目: | 中央高校基本科研业务费专项资金资助(课题编号:2009JBM019). |
| |
| 摘 要: | SELinux是嵌入到Linux内核中并得到推广应用的安全增强模块。由于其安全策略配置复杂且工作量较大,故而研究相关的安全策略辅助配置手段及SELinux安全策略的自动化分析方法与技术很有必要。本文基于有色Petri网建立了SELinux安全策略的自动化分析模型,给出了原型实现和测试结果。相关结果表明,有色Petri网分析方法和对应原型能较好地完成SELinux安全策略的有效性分析,并可实现带有中间过滤类型的信息流查询且更加方便简洁。
|
| 关 键 词: | SELinux 安全策略 有色Petri网 自动化分析 |
Automation Analysis of SELinux Security Policy Based on Colored Petri-net |
| |
| Authors: | Guo Tao Zhai Gao-shou |
| |
| Affiliation: | Guo Tao Zhai Gao-shou(Department of Computer and Information Technology, Beijing Jiaotong University Beijing 100044) |
| |
| Abstract: | SELinux is a typical security-enhanced module in Linux. But it is hard to configure SELinux for large amounts of security policies. Therefore it' s necessary to develop a tool to analyze the security policies automatically, which can be potentially used for SELinux security policy configuration. In this paper, a model for automatic analysis of SELinux security policies based on colored petri-net is build and corresponding prototype is designed and implemented. Test results show that the prototype can perform effectiveness analysis task very well. Moreover, it can do queries about information flows including in-between filtering types simply and conveniently. |
| |
| Keywords: | selinux security policies colored petri-net automatic analysis |
| 本文献已被 CNKI 维普 等数据库收录! |
