I’d like to announce SPAN - SELinux Policy Analysis Notebook
(https://github.com/QuarkSecurity/SPAN/). This is a Jupyter notebook based
environment for SELinux policy analysis that lets you mix queries, Python
code, and Markdown formatted notes into an executable document. It’s an
extension of SETools 4.

Using SPAN within Jupyter notebook is an amazingly productive way to do policy 
analysis. I really think that this is the most productive environment that I’ve 
seen for real policy analysis (and I’ve been working on SELinux policy analysis 
and tools for almost 15 years). The ability to quickly create custom tools to 
answer hard questions combined inline with well-formatted documentation makes a 
huge difference.

SPAN has been used so far to analyze 3 large, complex, custom systems with very 
large policies (hundreds of custom domains). The analysis was of much better 
quality and it took much less time because of SPAN.

If you just want to see what this looks like, you can see an example online 
(though the code is not executable):

https://nbviewer.jupyter.org/github/QuarkSecurity/SPAN/blob/master/examples/Span%20Example.ipynb#

If you’ve not seen Jupyter notebooks, they are a very popular tool for data
science. Jupyter notebooks are an interactive environment that lets you write
text (in Markdown) and code together. You can get a feel for what's possible in
this awesome notebook on Regex Golf from XKCD:
http://nbviewer.jupyter.org/url/norvig.com/ipython/xkcd1313.ipynb. There is
also the more official (and boring) introduction:
https://jupyter-notebook-beginner-guide.readthedocs.io/en/latest/.

SPAN was written by me (Karl MacMillan) along with Spencer Shimko and Brandon
Whalen from Quark Security. And, of course, this is built on SETools 4, which is
maintained by Chris PeBenito.

Thanks - Karl
