Hi Alloy community,
We’re working on a paper about automating SELinux policy analysis, and we’re considering using Alloy for formal verification. I recently spoke with Professor @DanielJackson , who suggested that this forum would be a great place to seek input on using Alloy in this context.
Project Overview
Our project aims to address the growing complexity of SELinux policies and the crucial need for ensuring their correctness. As security policies become more complex, it’s increasingly important for distribution/OS maintainers to know exactly what they’re providing to customers. SELinux’s protections are only as strong as the policies provided.
We’re exploring a combination of approaches:
-
Graph-based policy analysis
- Parsing SELinux policies into graph databases using Cypher queries
- Investigating different graph-based anomaly detection techniques
-
Formal verification methods
- Exploring the use of SMT for policy verification
- Converting SELinux policies to SMT formulas to automatically check for inconsistencies and policy violations
-
Neurosymbolic approach to policy generation
- Combining formal policy generation with language model guidance
- Inspired by techniques used in projects like Google DeepMind’s AlphaGeometry
Our proposed system would:
- Generate initial policy drafts using a policy engine based on basic system information
- Refine these drafts using a language model trained on SELinux policies
- Continuously improve policies through analysis tools and language model feedback
- Incorporate human oversight for critical systems
We believe this approach could significantly streamline SELinux policy creation, making it more efficient and adaptable to evolving security requirements.
Questions for the Alloy Community
We believe Alloy could play a key role in the formal verification aspect of this process. However, we have some questions we’d love to get your insights on:
-
How readily can SELinux policies and their properties be expressed in Alloy? Has anyone here worked on similar modeling problems?
-
What’s the best approach to verifying policy correctness using Alloy? We’re considering defining properties to check automatically, but we’re unsure about the specific properties that would be most effective or how to formulate them in Alloy.
-
Are there any particular challenges or limitations we should be aware of when using Alloy for this kind of policy verification?
-
Does anyone have experience integrating Alloy with other tools or approaches (like SMT solvers or graph databases) that might be relevant to our project?
-
Given our interest in combining language models with formal verification, are there any specific considerations or potential pitfalls we should be aware of when trying to integrate Alloy into such a workflow?
We’d greatly appreciate any thoughts, experiences, or suggestions you can share. Your expertise could really help shape our approach to using Alloy in this domain.
Thanks in advance for your input! : )