Beyond SELinux: the Case for Behavior-Based Policy and Trust Languages

Despite the availability of powerful mechanisms for security policy and access control, real-world information security practitioners-both developers and security officers-still find themselves in need of something more. We believe that this is the case because available policy languages do not provide clear and intelligible ways to allow developers to communicate their knowledge and expectations of trustworthy behaviors and actual application requirements to IT administrators. We work to address this policy engineering gap by shifting the focus of policy language design to this communication via behavior-based policies and their motivating scenarios.