【2021.06.24】SENG: An Enhanced Policy Language for SELinux

Time

2021.06.24

Summary

Structure

Research Objective

SELinux policy language

Problem Statement

1.the policy for a typical Linux system contains a large number of distinct types,a realistic policy will be large and unwieldy.
2.Most of the statements in the current SELinux policy language operate directly on features of the underlying access control model(底层访问控制模型的功能).
3.One of the major factors preventing widespread adoption of SELinux is the preceived diffificulty of writing policies.

Previous Method(s)

1.manage this complexity through preprocessor macros(预处理器宏),using them to encapsulate portions of the policy.（弊端：这种宏禁止用工具分析策略，对之后的改进造成了阻碍）

Method(s)

1.Introduce SENG,an experimental alternative language for writing SELinux policies.

Evaluation

Conclusion

Notes

Words

1.naming conventions 命名约定

Terminology

1.the m4 macro processor are used to express the intended policy more succinctly,hiding implementation details and providing higher-level abstractions over the rules in the underlying language.(缺点：the pervasive use of m4 inhibits the ability of automated tools to analyze a policy.)

Sentence

1.The SELinux reference policy [4] splits a policy into individual modules.

TimtLine