网络与信息安全学报 (Jun 2024)
Automatic generation of AppArmor security policies based on large language models
Abstract
Operating system (OS) security is a critical layer in the overall security architecture of computer information systems, and mandatory access control (MAC) mechanisms such as SELinux and AppArmor are widely used to strengthen it. In practice, however, MAC is hard to apply: security policy configuration is complex, demands specialized expertise, and frequently ends in coarse-grained protection. To improve the generation of AppArmor security policies, an automated access control policy generation method based on large language models (LLMs) is proposed. The process begins with a static analysis of the target application to extract preliminary security policy rules. The application is then executed extensively, with the aim of maximizing code coverage, to collect runtime logs. An LLM, given the collected log information, the static analysis results, and a few-shot prompt, then generates the application's security policy autonomously. This approach greatly reduces the dependence on security experts, lowers manual labor costs, and removes much of the subjectivity and complexity of manual policy configuration. The method is evaluated by comparing the AppArmor policies generated by this framework with the default policies in terms of correctness, completeness, and succinctness. The experimental findings show that the generated policies are comprehensive and succinct and do not impede the normal operation of the application, confirming that the proposed method streamlines security policy generation and improves policy quality.
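The log-collection step of the pipeline described above turns AppArmor audit events into candidate rules, which is the same raw material the LLM in the paper receives. The following Python script is an added example, not the paper's code or part of the AppArmor project: it parses constructed audit-log lines in the standard AppArmor audit format, aggregates the events per profile, and renders them as profile text using the file, capability and network rule syntax from apparmor.d(5). The mapping of requested_mask letters to rule permissions (in particular treating the create and delete bits as write access) is an assumption modelled on how aa-logprof behaves, and the static-analysis and LLM stages of the paper are not shown.

```python
"""Turn AppArmor audit-log lines into candidate profile rules (added example)."""
import re
from collections import defaultdict

# Constructed sample events in the format AppArmor writes to the audit log.
# A DENIED event comes from enforce mode, an ALLOWED event from complain mode;
# both indicate an access the current profile does not yet permit.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:11): apparmor="DENIED" operation="open" profile="/usr/bin/demo" name="/etc/demo/demo.conf" pid=4242 comm="demo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.102:12): apparmor="DENIED" operation="open" profile="/usr/bin/demo" name="/var/log/demo/app.log" pid=4242 comm="demo" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.103:13): apparmor="DENIED" operation="open" profile="/usr/bin/demo" name="/etc/demo/demo.conf" pid=4243 comm="demo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.104:14): apparmor="DENIED" operation="capable" profile="/usr/bin/demo" pid=4242 comm="demo" capability=10 capname="net_bind_service"
type=AVC msg=audit(1700000000.105:15): apparmor="DENIED" operation="create" profile="/usr/bin/demo" pid=4242 comm="demo" family="inet" sock_type="stream" protocol=6
type=AVC msg=audit(1700000000.106:16): apparmor="ALLOWED" operation="open" profile="/usr/bin/other" name="/tmp/scratch" pid=9 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key=value pairs; values are either double-quoted or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# requested_mask letters -> file-rule permission letters. 'c' (create) and
# 'd' (delete) have no rule letter of their own; both require write access
# (assumption modelled on aa-logprof's behaviour).
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "l": "l", "k": "k", "m": "m"}
PERM_ORDER = "rwalkm"


def parse_audit_line(line):
    """Return the fields of one AppArmor audit line as a dict, or None if the
    line is not an AppArmor event (no apparmor= and profile= fields)."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields if "apparmor" in fields and "profile" in fields else None


def collect_rules(log_text):
    """Aggregate events per profile.
    Returns {profile: {"files": {path: set(perms)}, "caps": set(), "nets": set()}}."""
    rules = defaultdict(lambda: {"files": defaultdict(set), "caps": set(), "nets": set()})
    for line in log_text.splitlines():
        ev = parse_audit_line(line)
        if ev is None:
            continue
        r = rules[ev["profile"]]
        if ev.get("operation") == "capable" and "capname" in ev:
            r["caps"].add(ev["capname"])
        elif "family" in ev:  # socket operations carry family/sock_type
            r["nets"].add((ev["family"], ev.get("sock_type", "")))
        elif "name" in ev and "requested_mask" in ev:
            perms = {MASK_TO_PERM[c] for c in ev["requested_mask"] if c in MASK_TO_PERM}
            r["files"][ev["name"]] |= perms  # union over all events for this path
    return rules


def format_perms(perms):
    """Canonical permission string; 'w' already implies append, and 'wa' in
    one rule is a syntax error, so 'a' is dropped when 'w' is present."""
    perms = set(perms)
    if "w" in perms:
        perms.discard("a")
    return "".join(c for c in PERM_ORDER if c in perms)


def render_profile(profile, r):
    """Render one profile's aggregated rules as AppArmor profile text."""
    lines = [f"{profile} {{", "  #include <abstractions/base>", ""]
    for cap in sorted(r["caps"]):
        lines.append(f"  capability {cap},")
    for family, sock_type in sorted(r["nets"]):
        lines.append("  " + " ".join(x for x in ("network", family, sock_type) if x) + ",")
    for path, perms in sorted(r["files"].items()):
        lines.append(f"  {path} {format_perms(perms)},")
    lines.append("}")
    return "\n".join(lines)


def generate_profiles(log_text):
    """Map every profile seen in the log to its rendered candidate profile."""
    return {p: render_profile(p, r) for p, r in collect_rules(log_text).items()}


if __name__ == "__main__":
    for text in generate_profiles(SAMPLE_LOG).values():
        print(text, end="\n\n")
```

The output is a starting point rather than a finished policy: every path in the log becomes a literal rule, so the generalization step (collapsing `/var/log/demo/app.log` into `/var/log/demo/*`, choosing execute modes, deciding which abstractions to include) is exactly the part the abstract assigns to the LLM and to the static-analysis results, and the rendered text should be loaded in complain mode and re-checked against fresh logs before being enforced.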