Git Product home page Git Product logo

Comments (2)

JonasCir avatar JonasCir commented on July 22, 2024 2

I just stumbled across this ticket and wanted to add my two cents:

I couple of years ago, I wrote an audit/analysis tool (also in Rust) for SELinux policies as part of my bachelor thesis. The tool used the following graph representation:

  • actors and resources were separately typed/labeled nodes
  • directed edges were introduced for each way an actor could get access to a resource (i.e., there could be multiple access vectors from one actor to a resource)
  • each edge was tagged with an access operation (e.g., read, write, execute) and a label which stated the specific "reason" for the access vector being present (i.e., directly allowed by rule X, allowed by role Y etc.)

With this you can easily query and visualize the access control space (i.e., all the resources an actor has access to) among other things.

A super nice feature that I built allowed to check for confidentiality, integrity, and isolation violating information flows in the policy by:

  • assigning security domains to actors and resources
  • and then scan for violating edges:
    • integrity: there must not exist any "read" operation from untrusted to trusted domains such that the trusted domain can be compromised
    • confidentiality: there must not exist any "write" operation from trusted to untrusted domains such that sensitive information can be leaked
    • isolation: domains are completely distinct

I'm aware that this is a rather hardcore approach to policy auditing and I don't know if this fits in the scope of what you had in mind when you first opened this ticket. But having an audit framework where people can plugin their own, potentially sophisticated scanners (i.e., to proof isolation of two domains if need be) would definitely be a killer feature and great selling point for Oso in my opinion.

I always wanted to write a small prototype for Oso based on my previous work but never found the time. In principle, however, I'm super interested in contributing to such an auditing tool as I see great potential here.

P.S.: I wanted to call my prototype dosometer in homage to dosimeters which measure your uptake in radiation. dosometer would then measure your uptake in dangerous policy rules. Maybe you like the name and consider it, dunno 😄

from oso.

gneray avatar gneray commented on July 22, 2024

Great to get some feedback here. And super well thought out. We will circle back as/when we get to this. Thanks!

from oso.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.