{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T07:38:39Z","timestamp":1773301119174,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,24]],"date-time":"2024-06-24T00:00:00Z","timestamp":1719187200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,24]]},"DOI":"10.1145\/3649158.3657306","type":"proceedings-article","created":{"date-parts":[[2024,6,25]],"date-time":"2024-06-25T18:21:05Z","timestamp":1719339665000},"page":"71-82","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["SPRT: Automatically Adjusting SELinux Policy for Vulnerability Mitigation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-5331-2473","authenticated-orcid":false,"given":"Hanyu","family":"Wang","sequence":"first","affiliation":[{"name":"Chinese Academy of Sciences & University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5521-4757","authenticated-orcid":false,"given":"Aimin","family":"Yu","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4380-725X","authenticated-orcid":false,"given":"Lifang","family":"Xiao","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5374-6171","authenticated-orcid":false,"given":"Jin","family":"Li","sequence":"additional","affiliation":[{"name":"Harbin Engineering University, Harbin, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1611-3384","authenticated-orcid":false,"given":"Xu","family":"Cao","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences & University of Chinese Academy of Sciences, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2024,6,25]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"NSA's Open Source Security Enhanced Linux","author":"McCarty Bill","year":"2004","unstructured":"Bill McCarty, Selinux: NSA's Open Source Security Enhanced Linux, O'Reilly Media, 2004."},{"key":"e_1_3_2_1_2_1","first-page":"1","volume-title":"2019 IEEE International Conference on Consumer Electronics (ICCE)","author":"Jae-Yong Ko","year":"2019","unstructured":"Ko Jae-Yong, Lee Sang-Gil and Lee Cheol-Hoon, \"Real-time Mandatory Access Control on SELinux for Internet of Things,\" 2019 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, 2019, pp. 1--6."},{"key":"e_1_3_2_1_3_1","first-page":"25","volume-title":"USA","author":"Kimm H.","year":"2021","unstructured":"H. Kimm and J. Ortiz, \"Multilevel Security Embedded Information Retrieval and Tracking on Cloud Environments,\" 2021 IEEE Cloud Summit (Cloud Summit), Hempstead, NY, USA, 2021, pp. 25--28."},{"key":"e_1_3_2_1_4_1","first-page":"2579","article-title":"PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems","author":"Lee Yu-Tsung","year":"2021","unstructured":"Yu-Tsung Lee, William Enck, Haining Chen, Hayawardh Vijayakumar, Ninghui Li, Daimeng Wang, Zhiyun Qian, Giuseppe Petracca and Trent Jaeger, \"PolyScope: Multi-Policy Access Control Analysis to Compute Authorized Attack Operations in Android Systems,\" 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 2579--2596.","journal-title":"30th USENIX Security Symposium (USENIX Security 21)"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2019599.2019604"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2566830"},{"key":"e_1_3_2_1_7_1","first-page":"1231","volume-title":"Yantai","author":"Bai Jing","year":"2012","unstructured":"Jing Bai and Gaoshou Zhai, \"Study on analysis for SELinux security policy,\" 2012 International Conference on Systems and Informatics (ICSAI2012), Yantai, China, 2012, pp. 1231--1235."},{"key":"e_1_3_2_1_8_1","first-page":"1","volume-title":"USA","volume":"12","author":"Jaeger Trent","year":"2003","unstructured":"Trent Jaeger, Reiner Sailer and Xiaolan Zhang, \"Analyzing integrity protection in the SELinux example policy,\" In Proceedings of the 12th conference on USENIX Security Symposium, USENIX Association, USA, vol. 12, no. 3, pp. 1--5, 2003."},{"key":"e_1_3_2_1_9_1","first-page":"1","volume-title":"Kaohsiung","author":"Yamauchi T.","year":"2018","unstructured":"T. Yamauchi, Y. Akao, R. Yoshitani, Y. Nakamura and M. Hashimoto, \"Additional Kernel Observer to Prevent Privilege Escalation Attacks by Focusing on System Call Privilege Changes,\" 2018 IEEE Conference on Dependable and Secure Computing (DSC), Kaohsiung, Taiwan, 2018, pp. 1--8."},{"key":"e_1_3_2_1_10_1","volume-title":"INTRUST 2014","author":"Zhai G.","year":"2014","unstructured":"G. Zhai, T. Guo, and J. Huang, \"Sciatool: A tool for analyzing selinux policies based on access control spaces, information flows and cpns,\" in Trusted Systems - 6th International Conference, INTRUST 2014, Beijing, China, December 16-17, 2014, Revised Selected Papers (M. Yung, L. Zhu, and Y. Yang, eds.), vol. 9473 of Lecture Notes in Computer Science, pp. 294--309."},{"key":"e_1_3_2_1_11_1","first-page":"254","volume-title":"QLD","author":"Lugo P. C.","year":"2009","unstructured":"P. C. Lugo, J. M. G. Garcia and J. J. Flores, \"A System for Distributed SELinux Policy Management,\" 2009 Third International Conference on Network and System Security, Gold Coast, QLD, Australia, 2009, pp. 254--261."},{"key":"e_1_3_2_1_12_1","first-page":"596","volume-title":"Springer-Verlag","author":"Clemente Patrice","year":"2012","unstructured":"Patrice Clemente, Bangaly Kaba, Jonathan Rouzaud-Cornabas, Marc Alexandre and Guillaume Aujay, \"SPTrack: visual analysis of information flows within SELinux policies and attack logs,\" In Proceedings of the 8th international conference on Active Media Technology (AMT'12), Springer-Verlag, Berlin, Heidelberg, 2012, pp. 596--605."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-95729-6_14"},{"key":"e_1_3_2_1_14_1","first-page":"838","volume-title":"Crans-Montana","author":"Wei L.","year":"2016","unstructured":"L. Wei, Y. Zuo, Y. Ding, P. Dong, C. Huang and Y. Gao, \"Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks,\" 2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Crans-Montana, Switzerland, 2016, pp. 838--842."},{"key":"e_1_3_2_1_15_1","first-page":"84","volume-title":"Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP, ISBN 978-989-758-553-1, ISSN 2184-4356","author":"Wareus Emil","unstructured":"Emil Wareus, Anton Duppils, Magnus Tullberg, Martin Hell, \" Security Issue Classification for Vulnerability Management with Semi-supervised Learning,\" In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP, ISBN 978-989-758-553-1, ISSN 2184-4356, pp. 84--95."},{"key":"e_1_3_2_1_16_1","first-page":"9","volume-title":"Association for Computing Machinery","author":"Nagaraj Keerthiraj","unstructured":"Keerthiraj Nagaraj, Swapnil Sunilkumar Bhasale, Janise McNair, and Ahmed Helmy, \"Vulnerability Assessment and Classification based on Influence Metrics in Mobile Social Networks,\" In Proceedings of the 17th ACM International Symposium on Mobility Management and Wireless Access (MobiWac '19). Association for Computing Machinery, New York, NY, USA, pp. 9--16."},{"key":"e_1_3_2_1_17_1","first-page":"1","volume-title":"Rennes","author":"Aota M.","year":"2020","unstructured":"M. Aota, H. Kanehara, M. Kubo, N. Murata, B. Sun and T. Takahashi, \"Automation of Vulnerability Classification from its Description using Machine Learning,\" 2020 IEEE Symposium on Computers and Communications (ISCC), Rennes, France, 2020, pp. 1--7."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Jenny Rose Finkel Trond Grenager and Christopher Manning \"Incorporating non-local information into information extraction systems by Gibbs sampling \" In Proceedings of the 43rd Annual Meeting on Association for Computational Linguistics (ACL '05) Association for Computational Linguistics USA 2005 pp. 363--370.","DOI":"10.3115\/1219840.1219885"},{"key":"e_1_3_2_1_19_1","first-page":"103","volume-title":"Association for Computing Machinery","author":"Husari G.","year":"2017","unstructured":"G. Husari, E. Al-Shaer, M. Ahmed, B. Chu, and X. Niu, \"TTPDrill: Automatic and Accurate Extraction of Threat Actions from Unstructured Text of CTI Sources,\" In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC '17), Association for Computing Machinery, New York, NY, USA, 2017, pp. 103--115."},{"key":"e_1_3_2_1_20_1","first-page":"2139","volume-title":"Association for Computing Machinery","author":"You W.","year":"2017","unstructured":"W. You, P. Zong, K. Chen, X. Wang, X. Liao, P. Bian, and B. Liang, \"SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits,\" In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17), Association for Computing Machinery, New York, NY, USA, 2017, pp. 2139--2154."},{"key":"e_1_3_2_1_21_1","first-page":"77","volume-title":"Johannesburg","author":"Rudman Lauren","year":"2016","unstructured":"Lauren Rudman and Barry Irwin, \"Dridex: Analysis of the traffic and automatic generation of IOCs,\" 2016 Information Security for South Africa (ISSA), Johannesburg, South Africa, 2016, pp. 77--84."},{"key":"e_1_3_2_1_22_1","first-page":"648","article-title":"Exploitability prediction of software vulnerabilities","volume":"37","author":"Anand A.","year":"2020","unstructured":"Bhatt, Navneet, A. Anand, and V. S. S. Yadavalli, \"Exploitability prediction of software vulnerabilities,\" Quality and Reliability Engineering International, vol.37, pp. 648--663, 2020.","journal-title":"Quality and Reliability Engineering International"},{"key":"e_1_3_2_1_23_1","first-page":"1","volume-title":"USA","author":"Gamarra M.","year":"2018","unstructured":"M. Gamarra, S. Shetty, D. M. Nicol, O. Gonzalez, C. A. Kamhoua and L. Njilla, \"Analysis of Stepping Stone Attacks in Dynamic Vulnerability Graphs,\" 2018 IEEE International Conference on Communications (ICC), Kansas City, MO, USA, 2018, pp. 1--7."},{"key":"e_1_3_2_1_24_1","first-page":"1","volume-title":"Riyadh","author":"Alenezi F.","year":"2020","unstructured":"F. Alenezi and C. P. Tsokos, \"Machine Learning Approach to Predict Computer Operating Systems Vulnerabilities,\" 2020 3rd International Conference on Computer Applications & Information Security (ICCAIS), Riyadh, Saudi Arabia, 2020, pp. 1--6."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/THMS.2022.3163185"},{"key":"e_1_3_2_1_26_1","first-page":"271","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Micinski D. J.","year":"2020","unstructured":"Hernandez, G., Rabin, S., Tian, D. J., Micinski, K., Yadav, A. S., & Foster, J. S., \"BigMAC: Fine-Grained Policy Analysis of Android Firmware,\". 29th USENIX Security Symposium (USENIX Security 20), 2020, pp. 271--287."},{"key":"e_1_3_2_1_27_1","first-page":"1","volume-title":"USA","author":"Marouf S.","year":"2011","unstructured":"S. Marouf and M. Shehab, \"SEGrapher: Visualization-based SELinux policy analysis,\" 2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG), Arlington, VA, USA, 2011, pp. 1--8."},{"key":"e_1_3_2_1_28_1","first-page":"1037","volume-title":"USENIX Security 2023","author":"Cui H.","year":"2023","unstructured":"H. Cui, R. Trimananda, A. Markopoulou, and S. Jordan, \"Poligraph: Automated privacy policy analysis using knowledge graphs,\" 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, pp. 1037--1054."},{"key":"e_1_3_2_1_29_1","first-page":"409","volume-title":"USENIX Security 2023","author":"Shen B.","year":"2023","unstructured":"B. Shen, T. Shan, and Y. Zhou, \"Improving logging to reduce permission over granting mistakes,\" 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, pp. 409--426."},{"key":"e_1_3_2_1_30_1","first-page":"49","volume-title":"Association for Computing Machinery","author":"Chari Suresh","year":"2013","unstructured":"Suresh Chari, Ian Molloy, Youngja Park, and Wilfried Teiken, \"Ensuring continuous compliance through reconciling policy with usage,\" In Proceedings of the 18th ACM symposium on Access control models and technologies (SACMAT'13). Association for Computing Machinery, New York, NY, USA, 2013, pp. 49--60."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3054331"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1952982.1952984"},{"key":"e_1_3_2_1_33_1","first-page":"161","volume-title":"USA","author":"Das Tathagata","year":"2010","unstructured":"Tathagata Das, Ranjita Bhagwan and Prasad Naldurg, \"Baaz: A System for Detecting Access Control Misconfigurations,\" 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010, Proceedings, pp. 161--176."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Jiaqi Zhang Lakshminarayanan Renganarayana Xiaolan Zhang Niyu Ge Vasanth Bala Tianyin Xu and Yuanyuan Zhou \"EnCore: exploiting system environment and correlation information for misconfiguration detection \" In Proceedings of the 19th international conference on Architectural support for programming languages and operating systems (ASPLOS '14). Association for Computing Machinery New York NY USA pp. 687--700.","DOI":"10.1145\/2541940.2541983"},{"key":"e_1_3_2_1_35_1","first-page":"752","volume-title":"languages, and applications (OOPSLA '06)","author":"Martin Evan","unstructured":"Evan Martin, \"Automated test generation for access control policies,\" In Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications (OOPSLA '06). Association for Computing Machinery, New York, NY, USA, pp. 752--753."},{"key":"e_1_3_2_1_36_1","first-page":"667","volume-title":"Association for Computing Machinery","author":"Martin Evan","unstructured":"Evan Martin and Tao Xie, \"A fault model and mutation testing of access control policies,\" In Proceedings of the 16th international conference on World Wide Web (WWW '07). Association for Computing Machinery, New York, NY, USA, pp. 667--676."},{"key":"e_1_3_2_1_37_1","first-page":"196","volume-title":"Association for Computing Machinery","author":"Fisler Kathi","unstructured":"Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, and Michael Carl Tschantz, \"Verification and change-impact analysis of access-control policies,\" In Proceedings of the 27th international conference on Software engineering (ICSE '05). Association for Computing Machinery, New York, NY, USA, pp. 196--205."},{"key":"e_1_3_2_1_38_1","first-page":"163","volume-title":"Association for Computing Machinery","author":"Jayaraman Karthick","unstructured":"Karthick Jayaraman, Vijay Ganesh, Mahesh Tripunitara, Martin Rinard, and Steve Chapin, \"Automatic error finding in access-control policies,\" In Proceedings of the 18th ACM conference on Computer and communications security (CCS '11). Association for Computing Machinery, New York, NY, USA, pp. 163--174."},{"key":"e_1_3_2_1_39_1","first-page":"1","volume-title":"Algiers","author":"Khelf Roumaissa","year":"2017","unstructured":"Roumaissa Khelf and Nassira Ghoualmi, \"Intra and inter policy Conflicts Dynamic Detection Algorithm,\" 2017 Seminar on Detection Systems Architectures and Technologies (DAT), Algiers, Algeria, 2017, pp. 1--6."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICWS.2014.81"},{"key":"e_1_3_2_1_41_1","first-page":"113","volume-title":"Association for Computing Machinery","author":"Xiang C.","year":"2019","unstructured":"C. Xiang, Y. Wu, B. Shen, M. Shen, H. Huang, T. Xu, Y. Zhou, C. Moore, X. Jin, and T. Sheng, \"Towards Continuous Access Control Validation and Forensics,\" In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19), Association for Computing Machinery, New York, NY, USA, 2019, pp. 113--129."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101816"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/8866996"},{"key":"e_1_3_2_1_44_1","first-page":"351","volume-title":"Washington, D.C.","author":"Wang R.","year":"2015","unstructured":"R. Wang, W. Enck, D. Reeves, X. Zhang, P. Ning, D. Xu, W. Zhou and A. M. Azab, \"EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning,\" 24th USENIX Security Symposium (USENIX Security 15), Washington, D.C., USENIX Association, 2015, pp. 351--366."},{"key":"e_1_3_2_1_45_1","first-page":"2733","volume-title":"Association for Computing Machinery","author":"Yu D.","year":"2021","unstructured":"D. Yu, G. Yang, G. Meng, X. Gong, X. Zhang, X. Xiang, X. Wang, Y. Jiang, K. Chen, W. Zou, W. Lee, and W. Shi, \"SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization,\" In Proceedings of the Web Conference 2021 (WWW '21), Association for Computing Machinery, New York, NY, USA, 2021, pp. 2733--2744."},{"key":"e_1_3_2_1_46_1","first-page":"40","volume-title":"Busan","author":"Yamaguchi Takuto","year":"2008","unstructured":"Takuto Yamaguchi, Yuichi Nakamura and Toshihiro Tabata, \"Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission,\" 2008 International Conference on Information Security and Assurance (isa 2008), Busan, 2008, pp. 40--45."},{"key":"e_1_3_2_1_47_1","volume-title":"Linux Kernel Audit Subsystem. https:\/\/github.com\/linuxaudit\/ audit-kernel","author":"Project T. L. A.","year":"2023","unstructured":"T. L. A. Project. (2023) Linux Kernel Audit Subsystem. https:\/\/github.com\/linuxaudit\/ audit-kernel."},{"key":"e_1_3_2_1_48_1","volume-title":"npm-audit tool. https:\/\/docs.npmjs.com\/","year":"2023","unstructured":"npm. (2023) npm-audit tool. https:\/\/docs.npmjs.com\/."}],"event":{"name":"SACMAT 2024: The 29th ACM Symposium on Access Control Models and Technologies","location":"San Antonio TX USA","acronym":"SACMAT 2024","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 29th ACM Symposium on Access Control Models and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649158.3657306","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3649158.3657306","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:10:10Z","timestamp":1755915010000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649158.3657306"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,24]]},"references-count":48,"alternative-id":["10.1145\/3649158.3657306","10.1145\/3649158"],"URL":"https:\/\/doi.org\/10.1145\/3649158.3657306","relation":{},"subject":[],"published":{"date-parts":[[2024,6,24]]},"assertion":[{"value":"2024-06-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}