Towards system integrity protection with graph-based policy analysis

Wenjuan Xu, Xinwen Zhang, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

9 Scopus citations


Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles using our developed graph-based policy analysis tool.

Original language: English (US)
Title of host publication: Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings
Number of pages: 16
State: Published - 2009
Event: 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security - Montreal, QC, Canada
Duration: Jul 12 2009 to Jul 15 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5645 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
City: Montreal, QC

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

