Consistency Analysis and Flow Secure Enforcement of SELinux Policies
Computers & Security (IF 4.8), Pub Date: 2020-07-01, DOI: 10.1016/j.cose.2020.101816
B S Radhika, N V Narendra Kumar, R K Shyamasundar, Parjanya Vyas

Abstract: SELinux policies used in practice contain tens of thousands of rules, making it hard to comprehend their impact on the security and to verify whether they actually meet the intended security goals. In this paper, we describe an approach for reasoning about the consistency of a given SELinux policy by analyzing the information flows caused by it. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWFM). We have used this approach to implement a static policy analysis tool as well as a run-time monitor. The static policy analysis tool identifies all the possible indirect flows in a given policy and then filters out those indirect flows that pose a high threat. Given an indirect flow, the tool can also identify the sequences of accesses that cause the indirect flow. The tool also ranks the rules and domains based on the number of policy violations they cause. Thus, the static analysis tool is useful for policy writers to develop flow secure policies. The run-time monitor, on the other hand, keeps track of the information flows in an SELinux system and detects indirect flows dynamically. This helps in ensuring flow secure enforcement of a given SELinux policy as per the specification. The efficiency and efficacy of our implementations are demonstrated through experimental analysis on large, real-life policies.

Updated: 2020-07-01