http://dx.doi.org/10.5392/JKCA.2018.18.03.309

Policy Reorganization Method for Performance Improvements in SELinux using Loadable Module Policy  

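Ko, Jae-Yong (Department of Computer Engineering, Chungnam National University)
Lee, Sanggil (Department of Computer Engineering, Chungnam National University)
Cho, Kyung-Yeon (Department of Computer Engineering, Chungnam National University)
Lee, Cheol-Hoon (Department of Computer Engineering, Chungnam National University)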
Abstract
SELinux is used for system-level security in a variety of Linux-based systems, and is now also being used for device security, such as in IoT. However, because SELinux inherently degrades execution time, various studies have been conducted to address this problem. In this paper, we show that performance can be improved through policy reconfiguration in an environment where the loadable module policy method, the general method of using SELinux, is applied. By reconfiguring the access query table through the Priority-TE policy, which assigns priorities to types, faster execution time can be provided for types that require faster access query performance. This paper describes the differences from the SELinux policy configuration method in the monolithic environment, together with a performance analysis. It can serve as a reference for security administrators or developers applying SELinux.
Keywords
Secure OS; SELinux; Type Enforcement; Overhead
Citations & Related Records
Times Cited By KSCI: 2