FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies - 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
Conference Papers Year : 2018

FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies

Abstract

SELinux/SEAndroid policies used in practice contain tens of thousands of access rules making it hard to analyse them. In this paper, we present an algorithm for reasoning about the consistency of a given policy by analysing the information flows implied by it. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWFM). Using this model, our method identifies all possible indirect flows due to a given policy that could lead to inconsistency. One of the main features of the method is that it not only identifies inconsistencies in the policy but also traces the rules that lead to inconsistency. To distinguish between benign and vulnerable indirect flows, we further categorise the indirect rules that directly contradict neverallow rules in the policy and hence have a high potential for information leak. We further rank the rules and domains based on the number of policy violations they cause. We have also implemented a tool FlowConSEAL based on the above method and have applied it on various SELinux/SEAndroid policies for providing a succinct feedback to the user.
Fichier principal
Vignette du fichier
470961_1_En_14_Chapter.pdf (322.71 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01954401 , version 1 (13-12-2018)

Licence

Identifiers

Cite

B. S. Radhika, N. V. Narendra Kumar, R. K. Shyamasundar. FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies. 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2018, Bergamo, Italy. pp.219-231, ⟨10.1007/978-3-319-95729-6_14⟩. ⟨hal-01954401⟩
107 View
183 Download

Altmetric

Share

More