fedir/ICFS

Filesystem with Interactive Access Control for Linux

Go to file

BritishTeapot d7c20a5d5f Added proper license headers		2025-03-10 18:09:05 +01:00
docs	Added old docs	2024-11-13 16:27:09 +01:00
src	Added proper license headers	2025-03-10 18:09:05 +01:00
.gitignore	Added .clang-tidy to .gitignore	2025-03-10 17:55:31 +01:00
LICENSE	Changed LICENSE to GPLv2	2025-03-10 17:53:47 +01:00
Makefile	Separated main and operations for testing	2025-02-10 11:16:42 +01:00
README.md	Updated README.md with usage and build instructions	2025-02-10 12:02:42 +01:00

README.md

ICFS -- Interactively Controlled File System

Motivation

Traditional access control mechanisms in operating systems allow the same level of access to all processes running on behalf of the same user. This typically enables malicious processes to read and/or modify all data accessible to the user running a vulnerable application. It can be dealt using various mandatory access control mechanisms, but these are often complicated to configure and are rarely used in common user oriented scenarios. This thesis focuses on design and implementation of a file system layer which delegates the decision to allow or deny access to a file system object by a specific process to the user.

Goals

Analyze the problem and design a solution
Implement the solution using the FUSE framework
Test the solution and demonstrate its benefits

Building

Install dependencies
- fuse, libfuse (v3 or later)
  - Debian: sudo apt install fuse3 libfuse3-dev
- zenity
  - Debian: sudo apt install zenity
Build using make:
- In the project directory: make
- Use make DEBUG=1 for testing.
Resulting binaries should appear in the build directory.

Usage

icfs <FUSE arguments> [target directory]

The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened.

Docs

Credit

Student: Fedir Kovalov

Supervisor: RNDr. Jaroslav Janáček, PhD.