Security-Policy Analysis with eXtended Unix Tools Dartmouth Computer Science Technical Report TR2013-728

Posted on:2014-11-03

Degree:Ph.D

Type:Dissertation

University:Dartmouth College

Candidate:Weaver, Gabriel A

Full Text:PDF

GTID:1458390008461278

Subject:Computer Science

Abstract/Summary:

During our fieldwork with real-world organizations--including those in Public Key Infrastructure (PKI), network configuration management, and the electrical power grid---we repeatedly noticed that security policies and related security artifacts are hard to manage. We observed three core limitations of security policy analysis that contribute to this difficulty. First, there is a gap between policy languages and the tools available to practitioners. Traditional Unix text-processing tools are useful, but practitioners cannot use these tools to operate on the high level languages in which security policies are expressed and implemented. Second, practitioners cannot process policy at multiple levels of abstraction but they need this capability because many high level languages encode hierarchical object models. Finally, practitioners need feedback to be able to measure how security policies and policy artifacts that implement those policies change over time.;We designed and built our eXtended Unix tools (XUTools) to address these limitations of security policy analysis. First, our XUTools operate upon context-free languages so that they can operate upon the hierarchical object models of high-level policy languages. Second, our XUTools operate on parse trees so that practitioners can process and analyze texts at multiple levels of abstraction. Finally, our XUTools enable new computational experiments on multi-versioned structured texts and our tools allow practitioners to measure security policies and how they change over time. Just as programmers use high-level languages to program more efficiently, so can practitioners use these tools to analyze texts relative to a high-level language.;Throughout the historical transmission of text, people have identified meaningful substrings of text and categorized them into groups such as sentences, pages, lines, function blocks, and books to name a few. Our research interprets these useful structures as different context-free languages by which we can analyze text. XUTools are already in demand by practitioners in a variety of domains and articles on our re- search have been featured in various news outlets that include ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot.

Keywords/Search Tags:

Tools, Security, Policy, Unix, Practitioners

Related items

1	A Study On The Security Protection And Supervision For UNIX System In Classified Intranet Environments
2	Study On Analysis Tools For SELinux Security Policy
3	Research On EU Data Security Policy Based On Analysis Of Policy Text Content
4	Research On China's Personal Information Protection Policy From The Perspective Of Policy Tools
5	Software To Restore The Strategic Research And Its Applications On Unix
6	Research On Commercial Security Policy And Its Formal Analysis
7	Study On Tools Of SELinux Policy Configuration
8	Research On Technology Of Security Policy Transformation
9	Research On Policy Framework And Some Of Its Key Technologies For Network Security Management
10	Research On Network Security Policy Change In Perspective Of Advocacy Coalition In Liaoning Province