基于大语言模型的AppArmor安全策略自动生成方法  

作　　者：沙倚天 刘少君 钱欣 吴越 陈鹏 刘行 SHA Yitian;LIU Shaojun;QIAN Xin;WU Yue;CHEN Peng;LIU Xing(State Grid Nanjing Power Supply Company,Nanjing 210016,China;Nanjing Nanrui Information and Communication Technology Limited Company,Nanjing 210016,China)

机构地区：[1]国网江苏省电力有限公司南京供电分公司,江苏南京210016 [2]南京南瑞信息通信科技有限公司,江苏南京210016

出　　处：《网络与信息安全学报》2024年第3期143-155,共13页Chinese Journal of Network and Information Security

基　　金：国网江苏电力有限公司科技项目(J2023110)。

摘　　要：在计算机信息系统的整体安全性中,操作系统安全扮演着至关重要的角色,而操作系统安全的基石是信息系统的安全。目前,已经有SELinux、AppArmor等基于强制访问控制机制的安全方法被提出,来增强操作系统的安全性。然而,这类安全方法在实际应用中存在的主要问题,例如安全策略配置的复杂性和对专业知识的高度依赖,使安全策略的生成变得困难,并且防护粒度相对较粗。因此,对AppArmor的安全策略的生成过程进行进一步的优化,并提出了一种基于大语言模型(largelanguagemodel,LLM)的访问控制策略自动生成方法。该方法对目标应用程序进行静态分析,获取部分安全策略规则;并全面运行应用程序,以获得最大代码覆盖率的相关日志;最后结合日志信息和静态分析结果以及少样本学习,运用大模型为应用自动生成安全策略,减少了对安全专家的依赖,从而显著降低了人工成本以及减少了人为配置安全策略的主观性和复杂性。通过将所提方法生成的AppArmor安全策略与默认策略进行对比,对策略的正确性、完整性和精简性进行了评估。实验结果显示,所提方法生成的策略既完整又精简,并且不会影响应用程序的正常运行。这表明了所提方法在简化安全策略生成过程和提高策略质量方面的有效性。Operating system(OS)security has been considered as a critical layer within the comprehensive security framework of computer information systems.Mandatory access control(MAC)mechanisms such as SELinux and AppArmor have been employed to strengthen OS security.However,significant challenges have been encountered in the application of MAC in practice,primarily involving the complexity of security policy configuration,which has demanded specialized expertise and often resulted in coarse-grained protection measures.Aimed at enhancing the process of generating security policies for AppArmor,an automated access control policy generation method was proposed based on large language models(LLM).The process began with a static analysis of the target applica‐tion to extract preliminary security policy rules.Subsequently,the application was extensively executed to gather logs that achieved maximum code coverage.Large models,in conjunction with the gathered log information,static analysis outcomes,and few-shot learning,were utilized to autonomously generate security policies for applications.This approach significantly reduced the dependence on security experts,lowered manual labor costs,and dimin‐ished the subjectivity and complexity associated with manual security policy configurations.The efficacy of this methodology was demonstrated through a comparative analysis between the AppArmor security policies generated by this framework and the default policies,focusing on the policies’correctness,completeness,and succinctness.The experimental findings reveal that the generated policies are not only comprehensive and succinct but also do not impede the normal operation of the application.These results underscore the effectiveness of the proposed method in streamlining the security policy generation process and enhancing the quality of the policies.

关 键 词：强制访问控制 AppArmor 安全策略 静态分析 

分 类 号：TP309.1[自动化与计算机技术—计算机系统结构]