Attack-based Domain Transition Analysis

An attack-based model is proposed to look at the transitive domain transitions allowed in the SE Linux policies, and Apol, a graph-based policy analysis tool, is augmented to implement global transitivedomain translation analysis and more focused reducedTransitive domain transition graphs between sets of suspect domains and sensitive domains.