• DocumentCode
    2416792
  • Title

    Pastures: Towards Usable Security Policy Engineering

  • Author

    Bratus, Sergey ; Ferguson, Alex ; McIlroy, Doug ; Smith, Sean

  • Author_Institution
    Dartmouth Coll., Hanover, NH
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    1052
  • Lastpage
    1059
  • Abstract
    Whether a particular computing installation meets its security goals depends on whether the administrators can create a policy that expresses these goals - security in practice requires effective policy engineering. We have found that the reigning SELinux model fares poorly in this regard, partly because typical isolation goals are not directly stated but instead are properties derivable from the type definitions by complicated analysis tools. Instead, we are experimenting with a security-policy approach based on copy-on-write "pastures", in which the sharing of resources between pastures is the fundamental security policy primitive. We argue that it has a number of properties that are better from the usability point of view. We implemented this approach as a patch for the 2.6 Linux kernel.
  • Keywords
    Linux; data integrity; data privacy; operating system kernels; security of data; Linux kernel; SELinux model; copy-on-write pastures; resource sharing; security policy engineering; Application software; Costs; Data security; Educational institutions; Kernel; Linux; Programming profession; Protection; Software tools; Usability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.114
  • Filename
    4159908