SPTrack: Visual Analysis of Information Flows within SELinux Policies and Attack Logs

Clemente, Patrice; Kaba, Bangaly; Rouzaud-Cornabas, Jonathan; Marc, Alexandre; Aujay, Guillaume

doi:10.1007/978-3-642-35236-2_60

Cited by 16 publications

(10 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This tool helped users analyze the relationship between objects (e.g., files) and subjects (e.g., processes) of policies using its own clustering algorithm. SPTrack [7] is based on the nodelink diagram, and visualizes the criticality level as colored edges according to interactions (e.g., write, signal) allowed by policies. Xu et al [35], [36] suggested using semantic substrates to visualize the key categories (i.e., user, role, domain, type) of the policy in separate spaces.…”

Section: B Security Policy Visualizationmentioning

confidence: 99%

Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System

Yoo

Kim

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Intrusion detection and prevention systems (IDPSs) are at the core of protecting an enterprise's network. In general, IDPSs use pre-defined rules to detect potential attacks. As the size of an organization grows and new types of intrusions appear, the quantity and complexity of the rules also increase. Moreover, IDPSs generate an overwhelming number of logs that are challenging to handle and analyze. For a more effective and integrative analysis and management of the rules and logs, we propose a novel visual analytics tool, Hyperion. Hyperion interactively visualizes rules to help users understand how the IDPS rules are managed and applied to the enterprise's network entities. Hyperion also provides effective visualizations to enable users to visually analyze the type, period, traffic, and frequency of attacks in addition to a traditional count-based timeline visualization. Finally, Hyperion enables users to interactively simulate the effect of a change in parameters of a detection rule. These features can help streamline the security control cycle consisting of rule application, information collection, log analysis, and rule revision.

show abstract

Section: B Security Policy Visualizationmentioning

confidence: 99%

Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System

Yoo

Kim

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Several visualization-based SELinux policy analysis tools [14][15][16] have been developed to help policy writers to better understand the policies. Gove [14] presents a tool for understanding and comparing SELinux/SEAndroid policies by creating graph representations.…”

Section: Related Workmentioning

confidence: 99%

FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies

Radhika

Kumar

Shyamasundar

2018

Data and Applications Security and Privacy XXXII

View full text Add to dashboard Cite

SELinux/SEAndroid policies used in practice contain tens of thousands of access rules making it hard to analyse them. In this paper, we present an algorithm for reasoning about the consistency of a given policy by analysing the information flows implied by it. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWFM). Using this model, our method identifies all possible indirect flows due to a given policy that could lead to inconsistency. One of the main features of the method is that it not only identifies inconsistencies in the policy but also traces the rules that lead to inconsistency. To distinguish between benign and vulnerable indirect flows, we further categorise the indirect rules that directly contradict neverallow rules in the policy and hence have a high potential for information leak. We further rank the rules and domains based on the number of policy violations they cause. We have also implemented a tool FlowConSEAL based on the above method and have applied it on various SELinux/SEAndroid policies for providing a succinct feedback to the user.We thank Asokan N, Elena R and Filippo B for their invaluable insights on SE-Android policy analysis and for sharing SEAndroid policies in early stages of the work.

show abstract

“…The resulting tool, shrimp, can be used to analyze and find errors in the SELinux Reference Policy. Information visualization techniques have been applied to SELinux policy analysis in (Clemente et al, 2012), also in combination with clustering of policy elements (Marouf and Shehab, 2011). These analysis methods are largely academic, and no practical tools based on them are used by the SELinux community.…”

Section: Selinux Toolsmentioning

confidence: 99%

SELint: An SEAndroid Policy Analysis Tool

Reshetova

Bonazzi²,

Asokan³

2017

Proceedings of the 3rd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

SEAndroid enforcement is now mandatory for Android devices. In order to provide the desired level of security for their products, Android OEMs need to be able to minimize their mistakes in writing SEAndroid policies. However, existing SEAndroid and SELinux tools are not very useful for this purpose. It has been shown that SEAndroid policies found in commercially available devices by multiple manufacturers contain mistakes and redundancies. In this paper we present a new tool, SELint, which aims to help OEMs to produce better SEAndroid policies. SELint is extensible and configurable to suit the needs of different OEMs. It is provided with a default configuration based on the AOSP SEAndroid policy, but can be customized by OEMs.

show abstract

SPTrack: Visual Analysis of Information Flows within SELinux Policies and Attack Logs

Cited by 16 publications

References 9 publications

Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System

Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System

FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies

SELint: An SEAndroid Policy Analysis Tool

Contact Info

Product

Resources

About