SLAT: SE Linux policy file analysis.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: ramsdell@mitre.org (John D. Ramsdell)
To: SE Linux <selinux@tycho.nsa.gov>
Cc: ramsdell@mitre.org
Subject: SLAT: SE Linux policy file analysis.
Date: 05 Dec 2003 13:07:49 -0500	[thread overview]
Message-ID: <ogtoeun6sui.fsf@divan.mitre.org> (raw)
In-Reply-To: <1070587102.27071.159.camel@hawaii.efficax.net>

The SELinux Analysis Tools (SLAT) provide a systematic way to
determine if security goals are achieved by a given SELinux policy
configuration.  In particular, SLAT is concerned with information flow
security goals, which describe desired paths by which information
moves throughout a system.  We provide a simple syntax in which to
express these goals.

The tools extract the allowed information flows specified by a given
SELinux policy configuration.  The information flow and the security
goals are translated into model checker input, which attempts to prove
that the policy configure meets the specified security goals.  Each
counterexample generated by the model checker indicates some
sort of configuration failure.

To make the tools more accessible, I've placed a source distribution
and an RPM at the following location:

http://www.ccs.neu.edu/home/ramsdell/tools/selinux/slat-1.0.1.tar.gz

http://www.ccs.neu.edu/home/ramsdell/tools/selinux/slat-1.0.1-1.i386.rpm  

The SLAT software uses OCaml, a dialect of ML.  The easiest way to
install it is with an RPM from:

http://caml.inria.fr

John

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2003-12-05 18:07 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-05  1:18 Nick
2003-12-05  2:07 ` ssh policy Russell Coker
     [not found]   ` <1070651210.27071.290.camel@hawaii.efficax.net>
2003-12-06  6:22     ` Russell Coker
2003-12-05 18:07 ` John D. Ramsdell [this message]
2003-12-05 18:21   ` Security contexts in strace John D. Ramsdell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ogtoeun6sui.fsf@divan.mitre.org \
    --to=ramsdell@mitre.org \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.