NDLI: Integrating selinux with security-typed languages (2007)

Please wait, while we are loading the content...

Integrating selinux with security-typed languages (2007)

Content Provider	CiteSeerX
Author	Hicks, Boniface Rueda, Ra Jaeger, Trent Mcdaniel, Patrick
Description	Traditionally, operating systems have enforced MAC and information flow policies with minimal dependence on application programs. However, there are many cases where systems depend on user-level programs to enforce information flows. Previous approaches to handling this problem, such as privilege-separation of application components or assuming trust in application information flow enforcement, are prone to error and cumbersome to manage. On the other hand, recent advances in the area of security-typed languages have enabled the development of realistic applications with formally and automatically verified information flow controls. In this paper, we examine what it takes to integrate information flow enforcement of applications written in a security-typed extension of Java (called Jif) with SELinux. To this end, we have extended the Jif infrastructure to support interaction with SELinux security contexts, and we describe the SELinux policy and system calls which are necessary for a successful integration. We have also identified the need for further services, such as a means of formally verifying compliance between information flow policies. We have demonstrated the utility, flexibility and security of our approach by constructing a prototype multi-level secure email client.
File Format	PDF
Language	English
Publisher Date	2007-01-01
Publisher Institution	In Proceedings of the 3rd SELinux Symposium
Access Restriction	Open
Subject Keyword	Minimal Dependence Realistic Application Jif Infrastructure Many Case Selinux Policy Application Program Application Component Security-typed Language Information Flow User-level Program Selinux Security Context Successful Integration System Call Application Information Flow Enforcement Verified Information Flow Control Security-typed Extension Previous Approach Recent Advance Information Flow Policy Information Flow Enforcement Prototype Multi-level Secure Email Client
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in