Online / 5 & 6 February 2022


secPaver: Security Policy Development Tool

Security design is an very important step in the software development. In order to meet the principle of least privilege, developers make rules for applications based on data flow and control flow of processes, such as SELinux and AppArmor. This step can be automated with secPaver. With the permission description of application, secPaver can generate security policy for different security mechanisms. By this way, security design can be simplified, and developers do not need to know many details about security mechanisms.

secPaver is a policy development tool that supports multiple security mechanisms. It aims to help users implement end-to-end security policy development, including visible policy design, iterative development, and policy release. It provides functions such as policy configuration, automatic generation, running test, missing rule gathering, and policy package export. secPaver shields security mechanism details and abstracts unified policy configuration file definitions and operation interfaces for different security mechanisms, improving policy development efficiency and reducing learning costs for developers.

project address: