Dan Thomsen, Information Flow Analysis in Security Enhanced Linux episode artwork

EPISODE · Oct 13, 2004 · 55 MIN

Dan Thomsen, Information Flow Analysis in Security Enhanced Linux

from CERIAS Weekly Security Seminar - Purdue University

Most people now realize that computer security is hard. However, many people do not realize that creating a correct security policy is hard. Creating an accurate security policy is on the order of complexity of developing software in general. In particular how can you show the policy is correct? The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives. The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism. Type enforcement and mandatory access control will also be discussed. About the speaker: Dan Thomsen is a Senior Research Scientist at Tresys Technology. In his seventeen year career, Mr. Thomsen has provided contributions to a wide range of computer security programs. They include the increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principle investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has a M.S. in Computer Science from the University of Minnesota and a B.A in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.

Episode metadata supplied by the publisher feed · Published Oct 13, 2004

Most people now realize that computer security is hard. However, many people do not realize that creating a correct security policy is hard. Creating an accurate security policy is on the order of complexity of developing software in general. In particular how can you show the policy is correct? The focus of this seminar is to look at tools and techniques for showing that the mandatory security policy based on type enforcement meets its objectives. The approach breaks down the security policy objectives so that they can be studied in terms of information flows. The policies are specified for the Security Enhanced Linux type enforcement mechanism. Type enforcement and mandatory access control will also be discussed. About the speaker: Dan Thomsen is a Senior Research Scientist at Tresys Technology. In his seventeen year career, Mr. Thomsen has provided contributions to a wide range of computer security programs. They include the increasing the security and survivability of the Joint Battlespace Infosphere, security assessment for the Cougaar agent system, development of the high security LOCK multilevel security platform, secure database research, and Internet vulnerability analysis. Mr. Thomsen was also the principle investigator responsible for the creation of the Napoleon policy management framework. Mr. Thomsen has published over twenty technical papers on computer security topics including type enforcement and role based access control. Mr. Thomsen currently serves as the program chair for the Annual Computer Security Applications Conference (ACSAC). Mr. Thomsen has a M.S. in Computer Science from the University of Minnesota and a B.A in Computer Science and Math from the University of Minnesota - Duluth. He is a senior member of IEEE and a member of IFIP working group 11.3 on Data and Application Security.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Dan Thomsen, Information Flow Analysis in Security Enhanced Linux

0:00 55:29

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of CERIAS Weekly Security Seminar - Purdue University?

This episode is 55 minutes long.

When was this CERIAS Weekly Security Seminar - Purdue University episode published?

This episode was published on October 13, 2004.

What is this episode about?

Most people now realize that computer security is hard. However, many people do not realize that creating a correct security policy is hard. Creating an accurate security policy is on the order of complexity of developing software in general. In...

Can I download this CERIAS Weekly Security Seminar - Purdue University episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!