Information Flow Analysis in Security Enhanced Linux
Dan Thomsen - Tresys Technology
Oct 13, 2004Size: 219.1MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractMost people now realize that computer security is hard. However, many people do not realize that creating a correct security policy is hard. Creating an accurate security policy is on the order of complexity of developing software in general. In particular how can you show the policy is correct?
The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives. The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism. Type enforcement and mandatory access control will also be discussed.
About the SpeakerDan Thomsen is a Senior Research Scientist at Tresys Technology. In his seventeen year career, Mr. Thomsen has provided contributions to a wide range of computer security programs. They include the increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principle investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has a M.S. in Computer Science from the University of Minnesota and a B.A in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.