|
Tools for Managing SELinux
In this project, we investigate tools for managing SELinux (the Security Enhanced
Linux project from the National Security
Agency), and in particular we are designing tools for creating and
analyzing security policies for SELinux. SELinux is a very flexible
system, but with that flexibility comes the cost of very complex
security rules. For example, a recent release of SELinux from the NSA
had an example security policy which generated 37,217 basic rules for
the type-enforcement system. While they supply a policy compiler that
makes the task of generating such a policy easier, we are exploring
the possibility for more powerful tools, and tools which enable formal
analysis of security policies.
Main investigators: Steve Tate
Software Released
tebrowse |
Latest version: 0.5, Released: April 25, 2002
This is a GUI browser for type-enforcement rules.
This tool allows a policy designer to easily organize and filter
type-enforcement rules in order to better understand the defined
security policy.
Download: Source
|
|
