Skip to Main content Skip to Navigation
Conference papers

FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies

Abstract : SELinux/SEAndroid policies used in practice contain tens of thousands of access rules making it hard to analyse them. In this paper, we present an algorithm for reasoning about the consistency of a given policy by analysing the information flows implied by it. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWFM). Using this model, our method identifies all possible indirect flows due to a given policy that could lead to inconsistency. One of the main features of the method is that it not only identifies inconsistencies in the policy but also traces the rules that lead to inconsistency. To distinguish between benign and vulnerable indirect flows, we further categorise the indirect rules that directly contradict neverallow rules in the policy and hence have a high potential for information leak. We further rank the rules and domains based on the number of policy violations they cause. We have also implemented a tool FlowConSEAL based on the above method and have applied it on various SELinux/SEAndroid policies for providing a succinct feedback to the user.
Document type :
Conference papers
Complete list of metadata

Cited literature [20 references]  Display  Hide  Download

https://hal.inria.fr/hal-01954401
Contributor : Hal Ifip <>
Submitted on : Thursday, December 13, 2018 - 4:03:22 PM
Last modification on : Thursday, February 7, 2019 - 3:37:42 PM
Long-term archiving on: : Thursday, March 14, 2019 - 3:58:04 PM

File

470961_1_En_14_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

B. Radhika, N. Narendra Kumar, R. Shyamasundar. FlowConSEAL: Automatic Flow Consistency Analysis of SEAndroid and SELinux Policies. 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2018, Bergamo, Italy. pp.219-231, ⟨10.1007/978-3-319-95729-6_14⟩. ⟨hal-01954401⟩

Share

Metrics

Record views

116

Files downloads

17