Dan Thomsen - Tresys Technology

Oct 13, 2004

Size: 219.1MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

"Information Flow Analysis in Security Enhanced Linux"

Abstract

Most people now realize that computer security is hard. However, many people do not realize that creating a correct security policy is hard. Creating an accurate security policy is on the order of complexity of developing software in general. In particular how can you show the policy is correct?



The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives. The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism. Type enforcement and mandatory access control will also be discussed.

About the Speaker

Dan Thomsen is a Senior Research Scientist at Tresys Technology. In his seventeen year career, Mr. Thomsen has provided contributions to a wide range of computer security programs. They include the increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principle investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has a M.S. in Computer Science from the University of Minnesota and a B.A in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Coming Up!

Our annual security symposium will take place on April 7 & 8, 2020.
Purdue University, West Lafayette, IN

More Information