Algorithms for Automatic Analysis of SELinux Security Policy
Configuration of security policies is an important but complicated work for running of secure operating systems. On the one hand, completely correct and consistent configuration is the necessary prerequisite for secure and credible system operation. On the other hand, errors and bugs are incidental anywhere within configuration at all time. Therefore, algorithms for automatic analysis of SELinux security policy are studied in this paper. Based on an improved analysis model similar to SELAC model, both algorithms for validity analysis and integrity analysis are designed. So that any access relations among subjects and objects with specified security contexts can be identified correctly by using the former algorithm. And all rules that could potentially influence integrity of subjects and objects can be detected based on the latter algorithm.