
Research On Technologies Of Analysis And Adjustment On Selinux Policy Based On Information Flow

Posted on: 2013-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: J Yang
GTID: 2248330371987989
Subject: Computer software and theory
Abstract/Summary:
With the development and application of computer technology, the security of computer systems has received more attention than ever before. The invention of mandatory access control provides fundamental support for system security by restricting the access abilities of subjects in the system. In particular, Security-Enhanced Linux (SELinux) flexibly provides fine-grained access control for various access control policies at a very low system performance penalty. However, because of the huge size of its policy rules, the policy configuration is difficult to manage and verify, and the policy is very prone to authorizing unsafe access rights. This dissertation proposes a method for verifying and adjusting policy configuration based on information flow analysis, for both the system and applications.

The main work is as follows:

1. We investigate the infrastructure of SELinux and its policy model, and introduce several existing policy analysis tools. We conclude that information flow is a security-sensitive property for access control, and we choose to verify and adjust the policy configuration with the help of information flow.

2. The method proposed in this dissertation models the SELinux policy as an information flow graph by converting access authorization rules into flow relations. The system security goals can also be expressed as information flows. By analyzing the information flow graph against the security goals, we find the illegal information flow paths and identify unsafe access authorizations. The access rights of the target subject are then split into different security states, in which different access authorizations are granted according to the information the subject has received, which enables accurate authorization control in the time dimension.

3. We apply static information flow analysis to the source code of the target program to find data dependences between input interfaces and output interfaces. Special tags are instrumented at possible information output points to change the access rights of the program dynamically. In this way, we mitigate the impact of rights changes on the functionality of the program and enable accurate authorization control in the space dimension.

4. We implement an automatic analysis tool in the framework of GCC and modify the SELinux security kernel to support the method in this dissertation. The effectiveness is proved by analyzing the Linux log management tool, logrotate.
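The graph-building and path-finding step described in item 2, as an added example that is not code from the thesis. The rules, the type names, the permission-to-flow mapping (`READ_LIKE`, `WRITE_LIKE`) and the security goal "data from `user_t` must not reach `var_log_t`" are all assumptions constructed for illustration.

```python
import re
from collections import deque

# Constructed sample rules in SELinux "allow" syntax (not taken from the thesis).
SAMPLE_POLICY = """
allow logrotate_t var_log_t:file { read write getattr };
allow logrotate_t etc_t:file { read getattr };
allow user_t tmp_t:file { read write };
allow logrotate_t tmp_t:file { read };
allow syslogd_t var_log_t:file { append };
allow logrotate_t shadow_t:file { getattr };
"""
# Assumed mapping from permissions to flow direction.
READ_LIKE = {"read"}              # data flows object -> subject
WRITE_LIKE = {"write", "append"}  # data flows subject -> object
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def build_flow_graph(policy_text):
    """Return {node: {successor: rule}}; an edge means data may flow along it."""
    graph = {}
    for m in RULE.finditer(policy_text):
        subj, obj, _cls, perm_set, single = m.groups()
        perms = set((perm_set or single or "").split())
        if perms & READ_LIKE:
            graph.setdefault(obj, {})[subj] = m.group(0)
        if perms & WRITE_LIKE:
            graph.setdefault(subj, {})[obj] = m.group(0)
    return graph

def find_flow_path(graph, source, sink):
    """Breadth-first search; shortest flow path source -> sink, or None."""
    prev = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == sink:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph.get(node, {}):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def offending_rules(graph, path):
    """The allow rules that together authorize the flow along `path`."""
    return [graph[a][b] for a, b in zip(path, path[1:])]
```

A path returned for a source and sink that the security goal forbids is an illegal flow, and `offending_rules` lists the authorizations that are candidates for adjustment; a `getattr`-only rule contributes no edge under this mapping.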
Keywords/Search Tags: SELinux, policy analysis, static analysis, information flow analysis, policy adjustment, rights control