Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2009
IEEE
2009
IEEE
Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems
Host compromise is a serious computer security problem today. To better protect hosts, several Mandatory Access Control systems, such as Security Enhanced Linux (SELinux) and AppArmor, have been introduced. In this paper we propose an approach to analyze and compare the quality of protection offered by these different MAC systems. We introduce the notion of vulnerability surfaces under attack scenarios as the measurement of protection quality, and implement a tool called VulSAN for computing such vulnerability surfaces. In VulSAN, we encode security policies, system states, and system rules using logic programs. Given an attack scenario, VulSAN computes a host attack graph and the vulnerability surface. We apply our approach to compare SELinux and AppArmor policies in several Linux distributions and discuss the results. Our tool can also be used by Linux system administrators as a system hardening tool. Because of its ability to analyze SELinux as well as AppArmor policies, it can be ...
Real-time TrafficRelated Content
| Added | 21 May 2010 |
| Updated | 21 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | NDSS |
| Authors | Hong Chen, Ninghui Li, Ziqing Mao |
Comments (0)
Researcher Info
|
