Beta 1


Title Model and analysis of Role-Based Access Control in SELinux using Description Logic
Author Dickerson, Alan Ashton
Supervisor Hansen, Michael Reichhardt (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Sharp, Robin (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2006
Abstract Security-Enhanced Linux (SELinux) is a version of Linux which, amongst other things, supports Role-Based Access Control (RBAC). The use of the access controls in SELinux have proven to be difficult to use and to perform maintenance upon, especially as the system evolves it may be difficult for the system administrators to comprehend the effects of the changes on the access control policy. Development of an analysis tool for RBAC in SELinux is therefore an important goal. [Chen Zhao and Lin, 2005] discuss how elements of RBAC can be modeled using the Description Logic ALLQ , and demonstrate how a reasoner for ALCQ can be used for analysis. The thesis presents a definition of the access controls of SELinux and shows how to formalize these in ALCQ . It introduces rules for use of an automated implementation of a tool that will model most SELinux configurations. It sketches out ways that the reasoner for an SELinux representation in ALCQ can be used for analysis by invoking queries.
Imprint Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU : DK-2800 Kgs. Lyngby, Denmark
Pages 133
Keywords Role-Based Access Control; Description Logic; Security-Enhanced Linux; Formal models
Fulltext
Original PDF imm4446.pdf (1.25 MB)
Admin Creation date: 2006-10-06    Update date: 2012-12-18    Source: dtu    ID: 191626    Original MXD