SELinux/SEAndroid policies used in practice contain tens of thousands of access rules, which makes them hard to analyse. In this paper, we present an algorithm for reasoning about the consistency of a given policy by analysing the information flows it implies. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWFM). Using this model, our method identifies all possible indirect flows due to a given policy that could lead to inconsistency. One of the main features of the method is that it not only identifies inconsistencies in the policy but also traces the rules that lead to each inconsistency. To distinguish between benign and vulnerable indirect flows, we further single out the indirect flows that directly contradict neverallow rules in the policy and hence have a high potential for information leakage. We then rank the rules and domains by the number of policy violations they cause. We have also implemented a tool, FlowConSEAL, based on the above method and have applied it to various SELinux/SEAndroid policies to provide succinct feedback to the user.

We thank Asokan N, Elena R and Filippo B for their invaluable insights on SEAndroid policy analysis and for sharing SEAndroid policies in the early stages of this work.
Role-based Access Control (RBAC) is one of the most widely implemented access control models. In today's complex computing systems, one of the increasingly sought-after features for reliable security is information flow control. Although RBAC is a policy-neutral and generic model, its implementations generally do not provide information flow control. In this paper, we present two approaches to address this issue. In the first method, we describe how a lattice model can be captured using an RBAC configuration. In the second method, we analyse the information flows in a given RBAC policy using a decentralized lattice model called the Readers-Writers Flow Model. This method identifies the indirect information flows in the policy and helps in creating flow-secure RBAC policies. We discuss the scope and limitations of these methods in detail and also present a brief case study. Finally, we investigate the use of flow-secure RBAC policies in creating flow-secure Attribute-based Access Control (ABAC) policies.
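Both abstracts rest on the same idea: once every rule is reduced to "subject may read object" and "subject may write object", a write by one subject followed by a read by another is an indirect flow, and an indirect flow that reaches a subject the policy explicitly forbids from reading the object is a contradiction worth tracing back to its rules. The following is an added example, not FlowConSEAL and not the papers' RWFM encoding; it uses a plain reader/writer graph and breadth-first search in place of the RWFM label algebra, keeps only read and write permissions (other SELinux permissions such as execute or ioctl are ignored by assumption), and runs on two small constructed policies, one in SELinux allow/neverallow shape and one in RBAC role-permission shape, with hypothetical type and role names.

```python
"""Indirect information-flow analysis over a reader/writer relation.

Added example (not FlowConSEAL and not the papers' RWFM encoding): rules are
reduced to (subject reads object) and (subject writes object) pairs, a flow
graph is built from them, and any object whose contents can reach a subject
through intermediaries without a direct read rule is reported together with
the chain of rules that makes it possible.  All policies below are constructed.
"""
from collections import defaultdict, deque


def build_flow_graph(reads, writes):
    """Directed graph of implied flows.  A read rule (s reads o) means data flows
    o -> s; a write rule (s writes o) means data flows s -> o.  Every edge carries
    the rule that justifies it so a violation can be traced to policy lines."""
    graph = defaultdict(list)
    for s, o in reads:
        graph[o].append((s, ("read", s, o)))
    for s, o in writes:
        graph[s].append((o, ("write", s, o)))
    return graph


def reachable_paths(graph, start):
    """Breadth-first search from start: {node: rules along one shortest path}."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, rule in graph.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [rule]
                queue.append(nxt)
    return paths


def indirect_reads(reads, writes):
    """All (object, subject) pairs where the subject can learn the object's
    contents only via other subjects and objects, i.e. without a direct read rule."""
    graph = build_flow_graph(reads, writes)
    direct = set(reads)
    subjects = {s for s, _ in reads} | {s for s, _ in writes}
    objects = {o for _, o in reads} | {o for _, o in writes}
    found = {}
    for obj in objects:
        for node, path in reachable_paths(graph, obj).items():
            if node in subjects and (node, obj) not in direct and len(path) > 1:
                found[(obj, node)] = path
    return found


def violations(indirect, forbidden_reads):
    """Indirect flows that contradict an explicit read prohibition
    (a SELinux neverallow or an RBAC constraint), keyed like indirect_reads."""
    return {(o, s): p for (o, s), p in indirect.items() if (s, o) in forbidden_reads}


def rank(viols):
    """Subjects ordered by violating flows received, and rules ordered by how many
    violating chains they take part in (most offending first, then by name)."""
    by_subject, by_rule = defaultdict(int), defaultdict(int)
    for (_, s), path in viols.items():
        by_subject[s] += 1
        for rule in path:
            by_rule[rule] += 1

    def order(counts):
        return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

    return order(by_subject), order(by_rule)


def analyse(rules, forbidden):
    """rules and forbidden: iterables of (subject, object, 'read'|'write').
    Permissions other than read/write are ignored here by assumption."""
    reads = {(s, o) for s, o, p in rules if p == "read"}
    writes = {(s, o) for s, o, p in rules if p == "write"}
    forbidden_reads = {(s, o) for s, o, p in forbidden if p == "read"}
    indirect = indirect_reads(reads, writes)
    viols = violations(indirect, forbidden_reads)
    return {"indirect": indirect, "violations": viols, "ranking": rank(viols)}


# Constructed SELinux-style policy (hypothetical type names, read/write only).
SELINUX_ALLOW = [
    ("app_t", "app_data_t", "read"), ("app_t", "app_data_t", "write"),
    ("app_t", "log_t", "read"), ("app_t", "shared_t", "write"),
    ("sysd_t", "secret_t", "read"), ("sysd_t", "log_t", "write"),
    ("sysd_t", "shared_t", "read"),
]
SELINUX_NEVERALLOW = [("app_t", "secret_t", "read")]

# Constructed RBAC policy in the same shape: (role, object, op) plus a constraint
# saying a clerk must never read the ledger.
RBAC_PERMS = [
    ("clerk", "inbox", "read"), ("clerk", "inbox", "write"), ("clerk", "report", "read"),
    ("auditor", "ledger", "read"), ("auditor", "report", "write"),
]
RBAC_FORBIDDEN = [("clerk", "ledger", "read")]


if __name__ == "__main__":
    for name, rules, forbidden in (("SELinux", SELINUX_ALLOW, SELINUX_NEVERALLOW),
                                   ("RBAC", RBAC_PERMS, RBAC_FORBIDDEN)):
        res = analyse(rules, forbidden)
        print(f"{name}: {len(res['indirect'])} indirect flows, "
              f"{len(res['violations'])} contradict a prohibition")
        for (obj, subj), path in res["violations"].items():
            print(f"  {obj} -> {subj} via " + " ; ".join(f"{p} {s} {o}" for p, s, o in path))
```

In the SELinux policy, secret_t reaches app_t through sysd_t reading it and writing log_t, which app_t reads; the neverallow on app_t reading secret_t is contradicted even though no single allow rule breaks it, and the reported chain is exactly the three rules a policy author would have to revisit. The RBAC policy shows the same shape with roles in place of domains, which is why a single analysis serves both abstracts; real SELinux policies also need the other permission kinds and attribute expansion before this reduction applies.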
CCS Concepts: • Security and privacy → Access control; Authorization.