Analyzing and Diffing Security Policies

SELinux and SE for Android are important access control systems available in Linux and integrated in Android, but designing and maintaining the policy rules can be challenging for policy administrators because of the number of rules in each policy. I contributed to a research project that experimented with visual analytics help understand policy structure, rules associated with policy denials, and differences between versions of a policy.


V3SPA demo tutorial


V3SPA: An Open Source Tool for Visually Analyzing and Diffing SELinux/SE for Android Security Policies


V3SPA GitHub repo


Robert Gove. “V3SPA: A Visual Analysis, Exploration, and Diffing Tool for SELinux and SEAndroid Security Policies.” Visualization for Cyber Security 2016. [pdf]