IFCIL: An Information Flow Configuration Language for SELinux (Extended Version). (arXiv:2205.15915v1 [cs.CR])

Security Enhanced Linux (SELinux) is a security architecture for Linux
implementing mandatory access control. It has been used in numerous
security-critical contexts ranging from servers to mobile devices. But this is
challenging as SELinux security policies are difficult to write, understand,
and maintain. Recently, the intermediate language CIL was introduced to foster
the development of high-level policy languages and to write structured
configurations. However, CIL lacks mechanisms for ensuring that the resulting
configurations obey desired information flow policies. To remedy …

configuration information language version