Research On Policy Conflict Detection Based On SELinux

Posted on: 2022-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2518306569994579
Subject: Computer Science and Technology
Abstract/Summary:
One of the most important issues in information systems is controlling access to information: the goal of an access control system is to allow legitimate access by authorized users while preventing unauthorized access. Security Enhanced Linux (SELinux) is an access control system implemented in the operating system based on the type enforcement model, which enables fine-grained management of dynamic processes and static files in the operating system. A policy conflict occurs when the policies that apply to an authorization in the system prescribe conflicting behavior. If two conflicting access rights are granted to a single entity, such as the same process, the conflicting policies lead to abnormal system behavior and the process will not function properly. There are no standard specifications for the implementation of security policies, and the policy language is still expressed in natural language, so there is no uniform specification for how security policies are defined. Security policy conflicts are mainly divided into two categories: explicit conflicts, including positive and negative authorization conflicts; and implicit conflicts, including conflicts caused by the workflow sequence and conflicts caused by hidden information flow. While running, SELinux does not detect conflicts in the policy file, which brings great security risks.

For positive and negative authorization conflicts and policy conflicts due to workflow order, this dissertation proposes a bit-vector based conflict detection algorithm that decomposes each dimension of a policy and converts it to a node on a binary tree. Each node carries a bit vector as an additional attribute; adding a policy updates the bit vector of the node, so that the bit vector eventually preserves the relationship between the policy and the other rules in the policy library on that dimension. Conflict detection then only needs to query the corresponding bit vector on the node for each dimension and perform a bitwise AND operation. For the detection of implicit information flow, this dissertation abstracts the access control system into the form of a directed graph, abstracts subjects and objects into nodes in the directed graph, and abstracts policies involving information flow into edges in the directed graph. The detection of implicit information flow between entities is converted to the detection of reachability between nodes; the nodes are ordered by weight functions following the idea of hierarchical access, and the graph is pruned during traversal to reduce the number of operations.

Both algorithms proposed in this dissertation involve structure construction time and query time. On a randomly generated dataset, with the dataset size and conflict notes varied, the bit-vector based conflict detection algorithm performs significantly better than the comparison algorithm using a collection and the algorithm based on a decision tree. Using the SELinux reference policy together with the SELinux policy in Android as the dataset, this dissertation verifies that the method using a directed graph combined with node labels detects implicit information flows well compared with the read-write flow model method.
Keywords/Search Tags: selinux, policy management, conflict detection, access control, policy consistency
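
The directed-graph reduction described in the abstract, sketched as an added example that is not code from the dissertation: `allow` rules become information-flow edges and an implicit flow is a multi-hop path with no direct edge. The type names, the sample rules and the read/write permission sets are assumptions, and the traversal is plain breadth-first search without the dissertation's weight-function ordering or pruning.

```python
import re
from collections import defaultdict, deque

# Constructed sample rules in SELinux "allow" syntax (type names are hypothetical).
SAMPLE_POLICY = """
allow secret_app_t secret_file_t:file { read getattr };
allow secret_app_t shared_tmp_t:file { write append };
allow public_app_t shared_tmp_t:file { read };
allow public_app_t public_log_t:file write;
allow audit_t audit_log_t:file { append };
"""

READ_PERMS = {"read"}               # assumed: information flows object -> subject
WRITE_PERMS = {"write", "append"}   # assumed: information flows subject -> object
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def build_flow_graph(policy_text):
    """Return {node: set(successors)}; an edge a -> b means data can flow from a to b."""
    graph = defaultdict(set)
    for src, tgt, _cls, perm_set, single in RULE_RE.findall(policy_text):
        perms = set((perm_set or single).split())
        if perms & READ_PERMS:
            graph[tgt].add(src)     # subject reads the object
        if perms & WRITE_PERMS:
            graph[src].add(tgt)     # subject writes the object
    return graph

def find_flow(graph, source, sink):
    """Breadth-first reachability; returns the shortest flow path or None."""
    parent = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == sink:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def is_implicit(graph, path):
    """Implicit flow: reachable over several edges with no direct edge source -> sink."""
    return path is not None and len(path) > 2 and path[-1] not in graph.get(path[0], ())
```

In the sample, no single rule lets data from `secret_file_t` reach `public_log_t`, yet the path through `shared_tmp_t` connects them, which is the kind of flow a per-rule review misses.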