mandatory access control; policies; secure operating system; uncertainty; expert system; SELinux

This article deals with mandatory access controls and security policies within an operating system and proposes general methodology for selection and deployment of policies based on vague information, where these vague descriptions are representing operational, functional and security requirements imposed on the operating system. The proposed methodology is supported by an expert system, purpose of which (together with the methodology) is to minimize, or even completely eliminate, the need for a security consultant as an expert in the problem domain, who is usually needed in the process of designing of a secure operating system. Overall, the methodology tries to move this key responsibility to either the user or the administrator.

This article deals with mandatory access controls and security policies within an operating system and proposes general methodology for selection and deployment of policies based on vague information, where these vague descriptions are representing operational, functional and security requirements imposed on the operating system. The proposed methodology is supported by an expert system, purpose of which (together with the methodology) is to minimize, or even completely eliminate, the need for a security consultant as an expert in the problem domain, who is usually needed in the process of designing of a secure operating system. Overall, the methodology tries to move this key responsibility to either the user or the administrator.