Policy Specialization to Support Domain Isolation
Simone Mutti, Enrico Bacis, Stefano Paraboschi
In Proceedings of the 8th Workshop on Automated Decision Making for Active Cyber Defense (SafeConfig)
The exponential growth of modern information systems has introduced several new challenges in the management of security requirements. Nowadays, the technological scenario has evolved and the introduction of MAC models provides a better isolation among software components and reduces the damages that the malicious or defective ones can cause to the systems. On one hand it is important to confine applications and limit the privileges that they can request. On the other hand we want to let applications benefit from the flexibility given by MAC models, such as SELinux.
In this paper we show how the constructs already available in SELinux and the specialization of security domains can be leveraged to define boundaries where the applications are confined but still able to introduce sophisticated security patterns, such as application isolation and the least privilege principle. After defining the proposed model, we describe how it can be integrated into real systems through the use of examples on Android and Apache Web Server.
@inproceedings{10.1145/2809826.2809832,
author = {Mutti, Simone and Bacis, Enrico and Paraboschi, Stefano},
title = {Policy Specialization to Support Domain Isolation},
year = {2015},
isbn = {9781450338219},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/2809826.2809832},
doi = {10.1145/2809826.2809832},
abstract = {The exponential growth of modern information systems has introduced several new challenges in the management of security requirements. Nowadays, the technological scenario has evolved and the introduction of MAC models provides a better isolation among software components and reduces the damages that the malicious or defective ones can cause to the systems. On one hand it is important to confine applications and limit the privileges that they can request. On the other hand we want to let applications benefit from the flexibility given by MAC models, such as SELinux.In this paper we show how the constructs already available in SELinux and the specialization of security domains can be leveraged to define boundaries where the applications are confined but still able to introduce sophisticated security patterns, such as application isolation and the least privilege principle. After defining the proposed model, we describe how it can be integrated into real systems through the use of examples on Android and Apache Web Server.},
booktitle = {Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense},
pages = {33–38},
numpages = {6},
keywords = {typebounds, policy modularity, mandatory access control, selinux, app containerization, android},
location = {Denver, Colorado, USA},
series = {SafeConfig '15}
}