Policy Visualization

Policy Visualization

 Determining whether a given policy meets a site’s highlevel security goals can be difficult, due to the low-level nature and complexity of the policy language, and the multiple policy violation patterns. We propose a visualization-based policy analysis framework that enables system administrators to visually query and visualize SELinux security policies and to easily identify the policy violations. We propose and formalize both a semantic substrate and adjacency matrix visualization techniques for policy visualization. Furthermore, we propose a visual query language for expressing policy queries in a visual form. Our framework is targeted towards enabling the average administrator by providing an intuitive cognitive sense about the policy, policy queries and policy violations. We also describe our implementation of a visualization-based policy analysis tool that provides the functionalities discussed in our framework. Related Publications:

  1. Wenjuan Xu, Mohamed Shehab, Gail-Joon Ahn, Visualization Based Policy Analysis: Case Study in SELinux, in Proceedings of ACM Symposium of Access Control, Models and Technologies (SACMAT’08), Estes Park, CO, USA, June 2008. [SACMAT 2008 PDF]