A Practical Alternative to Domain and Type Enforcement Integrity Formal Models

  • Liuying Tang
  • Sihan Qing
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4318)


Much secure system policy development uses the DTE (Domain and Type Enforcement) model, but the DTE model cannot explicitly provide the security goals of the policy. The invariants of the only based-DTE integrity protection formal model are too complex and make the model impractical. A DTE-Biba integrity formal model is proposed, in which DTE is the underlying component and the Biba integrity is the security goal. The DTE-Biba formal model describes direct Biba control relationships, and ignores the integrity level of objects. The aim is to provide the foundation for supporting effective policy configuration, policy integrity analysis and integrity verification of the DTE secure systems.


Security label security goal integrity information flow formal model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Boebert, W.E., Kain, R.Y.: A practical alternative to hierarchical integrity policies. In: Proceedings of the 8th National Computer Security Conference, Gaithersburg, Maryland, pp. 18–27 (1985)Google Scholar
  2. 2.
    Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M.: A domain and type enforcement UNIX prototype. USENIX Computing Systems 9(1), 47–83 (1996)Google Scholar
  3. 3.
    Hallyn, S.E., Kearns, P.: Domain and type enforcement for Linux. In: Proceedings of the 4th Annual Linux Showcase and Conference, pp. 247–260 (October 2000)Google Scholar
  4. 4.
    Abrams, M.D., Joyce, M.V.: Trusted system concepts. Computers & Security 14(1), 45–56 (1995); ©Elsevier Advanced Technology 1995, Oxford, UKGoogle Scholar
  5. 5.
    National Security Agency. Security-Enhanced Linux (SELinux) (2001),
  6. 6.
    Smalley, S.: Configuring the SELinux policy. NAI Labs Report #02-007 (June 2002), Available at:
  7. 7.
    Loscocco, P., Smalley, S.: Meeting critical security objectives with security-enhanced Linux. In: Proceedings of the 201 Ottawa Linux Symposium (2001), Also available at:
  8. 8.
    Jaeger, T., Edward, A., Zhang, X.: Policy management using access control spaces. ACM Transactions on Information and System Security (TISSEC) 6(3), 327–364 (2003)CrossRefGoogle Scholar
  9. 9.
    Jaeger, T., Sailer, R., Zhang, X.: Analyzing integrity protection in the SELinux example policy. In: 12th Usenix Security Symposium, Washington, pp. 59–74 (August 2003)Google Scholar
  10. 10.
    Qingguang, J., Sihan, Q., Yeping, H.: Based-DTE integrity protection formal model. Science in China Ser. E Information Sciences 35(6), 570–587 (2005)Google Scholar
  11. 11.
    Stewart Lee, E.: Essays about computer security, Centre for Communications Systems Research Cambridge, ©Cambridge (1999)Google Scholar
  12. 12.
    Bell, D., La Padula, L.: Secure computer systems: Mathematical foundations, vol. 1. Technical Report ESD-TR-73-278, Mitre Corporation (1973)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Liuying Tang
    • 1
    • 2
    • 4
  • Sihan Qing
    • 2
    • 3
    • 4
  1. 1.Engineering Research Center of Fundamental Software, Institute of SoftwareChinese Academy of ScienceBeijingPRC
  2. 2.Engineering Research Center for Information Security Technology, Institute of SoftwareChinese Academy of SciencesBeijingPRC
  3. 3.ZhongkeAnsheng Corporation of Information TechnologyBeijingPRC
  4. 4.Graduate School of Chinese Academy of SciencesBeijingPRC

Personalised recommendations