TY - GEN
T1 - SPTrack
T2 - 8th International Conference on Active Media Technology, AMT 2012
AU - Clemente, Patrice
AU - Kaba, Bangaly
AU - Rouzaud-Cornabas, Jonathan
AU - Alexandre, Marc
AU - Aujay, Guillaume
PY - 2012
Y1 - 2012
AB - Analyzing and administrating system security policies is difficult as policies become larger and more complex every day. The paper presents work toward analyzing security policies and sessions in terms of security properties. Our intuition was that combining visualization tools that benefit from the expert's eyes with software analysis abilities should lead to a new and interesting way to study and manage security policies as well as users' sessions. Rather than trying to mine large and complex policies to find possible flaws within them, work may concentrate on which potential flaws are really exploited by attackers. The paper presents some methods and tools to visualize and manipulate large SELinux policies, with algorithms that search for paths, such as information flows, within policies. The paper also introduces a complementary original approach to analyze and visualize real attack logs as session graphs or information flow graphs, or even aggregated multiple-session graphs. Our wish is that in the future, when those tools are mature enough, security administrators can confront the static security view given by the security policy analysis with the dynamic, real-world view given by the parts of attacks that most often occurred.
UR - http://www.scopus.com/inward/record.url?scp=84870360316&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-35236-2_60
DO - 10.1007/978-3-642-35236-2_60
M3 - Published Conference contribution
AN - SCOPUS:84870360316
SN - 9783642352355
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 596
EP - 605
BT - Active Media Technology - 8th International Conference, AMT 2012, Proceedings
Y2 - 4 December 2012 through 7 December 2012
ER -