CDS Framework Toolkit

CDS Framework Toolkit is a new conceptual model and tool set for authoring Security Enhanced Linux (SELinux) policies, primarily for Cross-Domain Solutions (CDS). It allows policy writers to describe the higher level security properties of an application or group of applications using CDS Framework Toolkit concepts and converts that high level description into an SELinux policy. Allowing policy writers to express higher level properties both simplifies policy development and encourages good security engineering. Policy authors are freed from many of the normal details of SELinux policy, allowing them to focus on the important security properties.

CDS Framework Toolkit consists of the following:

A Conceptual Model - This model is designed to present the policy writer with only a few important security properties. Most importantly, information flow. The emphasis on information flow makes CDS Framework Toolkit particularly well suited for Cross-Domain Solutions (CDS), but also can be used to describe a large number of security goals.
Set of Supporting Languages - These are used to express the CDS Framework Toolkit concepts graphically and textually.
Integrated Design Environment (IDE) - This provides the policy writer with an easy to learn interface for writing policy in the CDS Framework Toolkit languages.
Compiler - The compiler generates SELinux policy directly from the supporting languages. This generated policy coupled with base policy creates a complete SELinux policy for a system.

CDS Framework builds on top of Reference Policy and SLIDE.