FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies

  • B. S. Radhika
  • N. V. Narendra Kumar
  • R. K. Shyamasundar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10980)

Abstract

SELinux/SEAndroid policies used in practice contain tens of thousands of access rules, making them hard to analyse. In this paper, we present an algorithm for reasoning about the consistency of a given policy by analysing the information flows implied by it. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWFM). Using this model, our method identifies all possible indirect flows due to a given policy that could lead to inconsistency. One of the main features of the method is that it not only identifies inconsistencies in the policy but also traces the rules that lead to each inconsistency. To distinguish between benign and vulnerable indirect flows, we further categorise the indirect rules that directly contradict neverallow rules in the policy and hence have a high potential for information leak. We further rank the rules and domains based on the number of policy violations they cause. We have also implemented a tool, FlowConSEAL, based on the above method and have applied it to various SELinux/SEAndroid policies to provide succinct feedback to the user.
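To make the notion of an indirect flow that contradicts a neverallow rule concrete, here is an added example; it is not the FlowConSEAL tool or the paper's algorithm, and it uses plain graph reachability over read/write flows instead of RWFM labels. The policy, its type names and the helper names are all constructed for illustration.

```python
import re
from collections import Counter, deque
# Constructed sample policy; every type name here is hypothetical.
POLICY = """\
allow untrusted_app app_data_file:file { read write };
allow media_server app_data_file:file { read write };
allow media_server key_file:file read;
allow media_server log_file:file write;
allow logd log_file:file read;
neverallow untrusted_app key_file:file read;
neverallow logd key_file:file read;
neverallow logd app_data_file:file read;
"""
RULE = re.compile(r"(allow|neverallow)\s+(\w+)\s+(\w+):\w+\s+\{?\s*([\w\s]+?)\s*\}?;")

def flows(kind):
    """Yield (src, dst, rule): read moves data object->subject, write subject->object."""
    for line in POLICY.splitlines():
        m = RULE.fullmatch(line.strip())
        if m and m.group(1) == kind:
            _, subj, obj, perms = m.groups()
            for perm in perms.split():
                if perm == "read":
                    yield obj, subj, line.strip()
                elif perm == "write":
                    yield subj, obj, line.strip()

def trace(src, dst, edges):
    """BFS over allow-derived flows; rules on a shortest src->dst path, else None."""
    queue, seen = deque([(src, [])]), {src}
    while queue:
        node, rules = queue.popleft()
        if node == dst:
            return rules
        for a, b, rule in edges:
            if a == node and b not in seen:
                seen.add(b)
                queue.append((b, rules + [rule]))

def analyse():
    """Map each neverallow rule to the allow chain that indirectly defeats it,
    and rank domains (rule subjects) by the number of violations they take part in."""
    edges = list(flows("allow"))
    violations = {}
    for src, dst, never in flows("neverallow"):
        chain = trace(src, dst, edges)
        if chain and len(chain) > 1:  # a 1-rule chain is a direct contradiction
            violations[never] = chain
    domains = Counter(d for c in violations.values() for d in {r.split()[1] for r in c})
    return violations, domains
```

On this sample, every neverallow rule is defeated by a three-rule chain through `media_server`, which therefore ranks first among the domains.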

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • B. S. Radhika (1)
  • N. V. Narendra Kumar (2)
  • R. K. Shyamasundar (1)

  1. Indian Institute of Technology Bombay, Mumbai, India
  2. Institute for Development and Research in Banking Technology, Hyderabad, India