Introduction

The purpose of DTEvisual is to help students better understand a classical security policy, domain and type enforcement (DTE), which is usually used to protect the integrity of information and is implemented in many operating systems. To illustrate how to use DTEvisual, a sample DTE specification is used throughout this documentation:

type generic_t, binaries_t, writable_t, readable_t, dte_t;

domain daemon_d = (/sbin/init),
    (crwd->writable_t),
    (rxd->binaries_t),
    (rd->generic_t, readable_t),
    (auto->login_d);

domain login_d = (/usr/bin/login),
    (crwd->writable_t),
    (rd->generic_t, readable_t, dte_t),
    (exec->user_d, admin_d);

domain user_d = (/usr/bin/{sh, csh, tcsh}),
    (crwxd->generic_t),
    (rwd->writable_t),
    (rxd->binaries_t),
    (rd->readable_t, dte_t);

domain admin_d = (/usr/bin/{sh, csh, tcsh}),
    (crwxd->generic_t),
    (rwxd->writable_t, binaries_t, readable_t, dte_t);

initial_domain = daemon_d;

assign -r generic_t /;
assign -r writable_t /usr/var, /dev, /tmp;
assign -r readable_t /etc;
assign -r -s dte_t /dte;
assign -r -s binaries_t /sbin, /bin, /usr/libexec,
    /usr/{sbin,bin},
    /usr/local/bin;

DTEvisual allows users to display and edit two types of graphs associated with a DTE specification: the general graph and the type graph. A general graph contains all domains, all types, transitions between domains, and the access of domains to a given type, whereas a type graph represents the partitioning of the directory space into types. In addition, users can use DTEvisual to carry out queries (e.g., what is the type of some specific file?). Since writing a DTE spec may be a daunting task for beginners, users can first design the specification visually using our system and then save the diagram in DTE format.
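
The kind of query described above can be worked by hand against the sample specification. The following Python sketch is an added example, not DTEvisual's own code; the function names are hypothetical. It assumes that "assign -r" gives a directory's type to everything beneath it, that the most specific assigned ancestor wins, and it ignores the -s flag.

```python
import posixpath

# Type assignments transcribed from the sample spec's "assign -r" statements
# (the brace pattern /usr/{sbin,bin} is expanded by hand).
ASSIGN = {
    "/": "generic_t",
    "/usr/var": "writable_t", "/dev": "writable_t", "/tmp": "writable_t",
    "/etc": "readable_t",
    "/dte": "dte_t",
    "/sbin": "binaries_t", "/bin": "binaries_t", "/usr/libexec": "binaries_t",
    "/usr/sbin": "binaries_t", "/usr/bin": "binaries_t",
    "/usr/local/bin": "binaries_t",
}

# Access rights of each domain to each type, transcribed from the sample spec.
DOMAINS = {
    "daemon_d": {"writable_t": "crwd", "binaries_t": "rxd",
                 "generic_t": "rd", "readable_t": "rd"},
    "login_d": {"writable_t": "crwd", "generic_t": "rd",
                "readable_t": "rd", "dte_t": "rd"},
    "user_d": {"generic_t": "crwxd", "writable_t": "rwd",
               "binaries_t": "rxd", "readable_t": "rd", "dte_t": "rd"},
    "admin_d": {"generic_t": "crwxd", "writable_t": "rwxd",
                "binaries_t": "rwxd", "readable_t": "rwxd", "dte_t": "rwxd"},
}

def type_of(path):
    """Type of an absolute path: the nearest assigned ancestor wins."""
    if not path.startswith("/"):
        raise ValueError("absolute path required")
    # Collapse "..", "." and repeated slashes before matching, so that
    # /tmp/../etc/x is typed as a file under /etc, not under /tmp.
    p = "/" + posixpath.normpath(path).lstrip("/")
    while p not in ASSIGN:
        p = posixpath.dirname(p)   # walk up; "/" is always assigned
    return ASSIGN[p]

def allowed(domain, path, rights):
    """True if the domain holds every right in `rights` on the path's type."""
    granted = DOMAINS[domain].get(type_of(path), "")
    return all(r in granted for r in rights)

def writers_of(path):
    """Domains able to write the path: the integrity question DTE answers."""
    return sorted(d for d in DOMAINS if allowed(d, path, "w"))
```

For instance, writers_of("/sbin/init") shows that only admin_d can modify system binaries, which is the integrity property the sample specification is built to enforce.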