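@comment{
  Reviewer notes on the entry below (repository export, cleaned up).
  Topic, per the abstract: the SELinux authorization decision mechanism is
  replaced with a Datalog-based one; the paper reports performance
  evaluations and checks how the architectural change affects the tamper
  resistance and bypass difficulty of the MAC mechanism.
  Changes made to the exported record:
  - book -> booktitle: booktitle is required for this entry type, and an
    unknown field named book is silently ignored by styles.
  - note -> abstract: the field held the full Japanese and English abstract,
    which a style would print inside the bibliography; text unchanged.
  - month now uses the predefined macro oct instead of a braced string.
  - Romanized author names were exported as "Given, Family"; reordered to
    "Family, Given" so they parse the same way as the Japanese forms.
  - SELinux is brace-protected in the title so sentence-casing styles keep
    its capitalisation.
  Left as exported, to be decided per target document:
  - author lists the same five people twice (Japanese script, then
    romanized); keep one script or styles will print ten authors.
  - issue is kept as is; classic styles ignore it.
  - The entry contains non-ASCII text; process it as UTF-8 (for example
    biblatex with Biber).
}
@inproceedings{oai:ipsj.ixsq.nii.ac.jp:00106620,
  author    = {橋本, 正樹 and 滝澤, 峰利 and 高山, 扶美彦 and 辻, 秀典 and 田中, 英彦 and Hashimoto, Masaki and Takizawa, Minetoshi and Takayama, Fumihiko and Tsuji, Hidenori and Tanaka, Hidehiko},
  title     = {論理型言語による{SELinux}向け認可判定機構の実装と評価},
  booktitle = {コンピュータセキュリティシンポジウム2014論文集},
  volume    = {2014},
  issue     = {2},
  pages     = {743--750},
  publisher = {情報処理学会},
  year      = {2014},
  month     = oct,
  abstract  = {SELinuxはシステム侵害後の被害拡大を防止できる点で有用であるが,ポリシ記述の簡単化はもとより,ポリシの可読性や保守性,拡張性の向上が課題となっている.本研究は,論理型言語によるポリシ記述・処理系を実装することでそれら課題を解決し,記述範囲の拡張や強制アクセス制御機構の相互運用性向上をはかるものである.本稿では,SELinuxの認可判定機構をDatalogで置き換えた上で各種評価を行い,論理型言語によるポリシ処理系が現実的な性能で動作することを実証する.また,強制アクセス制御機構の構成変更に伴う改ざん耐性と迂回困難性の変化を検証し,提案機構の有用性と安全性に対する考察を行った結果を報告する., SELinux is an effective MAC system for preventing the damage from spreading after security breaches, and there are many challenges around its policy processing issues such as readability, maintainable and scalability. Our research aims to improve its expressive power of policy description language and interoperability of authorization system, implementing them by logic programming language. In this paper, we replace the authorization system of SELinux with our logic-based authorization system of Datalog, and demonstrate the feasibility based on various performance evaluations. We also report the results of validating the impact of architectural changes and discussion about safety and usefulness of our system.},
}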