diff --git a/accesscontrol.tex b/accesscontrol.tex index d8d41e5..9a0df57 100644 --- a/accesscontrol.tex +++ b/accesscontrol.tex @@ -1,4 +1,5 @@ \chapter{Filesystem access control on Linux} +\label{access} \section{Traditional UNIX Filesystem Access Control Policies} diff --git a/approach.tex b/approach.tex index 138ef17..13e1380 100644 --- a/approach.tex +++ b/approach.tex @@ -1,4 +1,5 @@ \chapter{Interactively Controlled File System} +\label{icfs} In this section we present the solution developed as a part of this thesis, named \emph{Interactively Controlled File System} (or ICFS for short). diff --git a/implementation.tex b/implementation.tex index 9ee2f89..63c369b 100644 --- a/implementation.tex +++ b/implementation.tex @@ -1,4 +1,5 @@ \chapter{Implementation} +\label{impl} This chapter describes the software design and architecture, and the way that they help to solve the problem. The following sections describe the FUSE framework, different methods used to store access permissions of processes and the way the chosen architecture is designed to resist unauthorised access to the filesystem. diff --git a/intro.tex b/intro.tex index 647c983..1a90ece 100644 --- a/intro.tex +++ b/intro.tex @@ -1,4 +1,5 @@ \chapter*{Introduction} +\label{intro} \addcontentsline{toc}{chapter}{Introduction} \markboth{Introduction}{Introduction} @@ -24,4 +25,4 @@ Over the years, various mandatory access control (MAC) mechanisms, such as SELin In this thesis we introduce our approach to file system access control that empowers users to make real-time decisions about which processes or applications should have access to specific file system objects. By integrating an interactive decision-making layer into the file system, this solution aims to bridge the gap between the security benefits of MAC mechanisms and the simplicity required for widespread adoption. The proposed system delegates access control decisions to the user, enabling them to grant or deny access to individual processes or applications on a per-object basis. This approach not only enhances security but also maintains the flexibility and usability that are critical for user-oriented systems. -The rest of this thesis is organised as follows: Chapter 1 provides a review of existing access control mechanisms and their limitations. Chapter 2 outlines the design objectives, architecture, and the interactive component of the proposed file system layer. Chapter 3 describes the implementation process, including the tools and techniques used to develop the system. Chapter 4 presents experimental results and evaluates the performance and security benefits of the proposed solution. Finally, in Chapter 5 we describe some limitations of the proposed solution, and discuss the potential for further development. +The rest of this thesis is organised as follows: \Cref{access} and \cref{current} provides a review of existing access control mechanisms and their limitations. \Cref{icfs} outlines the design objectives, architecture, and the interactive component of the proposed file system layer. \Cref{impl} describes the implementation process, including the tools and techniques used to develop the system. Finally, in \cref{eval} we present experimental results, evaluate the performance, security benefits and limitations of the proposed solution, and discuss the potential for further development. diff --git a/main-en.pdf b/main-en.pdf index 798b2a5..30ed461 100644 Binary files a/main-en.pdf and b/main-en.pdf differ diff --git a/main-en.tex b/main-en.tex index 1b01809..8ba5703 100644 --- a/main-en.tex +++ b/main-en.tex @@ -13,6 +13,8 @@ %quotes \usepackage{dirtytalk} + + %zapnutie slovenskeho delenia slov %a automatickych nadpisov ako Obsah, Obrázok a pod. v slovencine %\usepackage[slovak]{babel} % vypnite pre prace v anglictine! @@ -41,6 +43,8 @@ % zrusime farebne ramiky okolo liniek aby pdf % vyzeralo rovnako ako tlacena verzia \usepackage[hidelinks,breaklinks]{hyperref} +%fancy references +\usepackage{cleveref} % ------------------- % --- REMOVE BEFORE PUBLISHING diff --git a/motivation.tex b/motivation.tex index be5d9d5..7fbc7b2 100644 --- a/motivation.tex +++ b/motivation.tex @@ -1,6 +1,7 @@ \chapter{Current solutions, and why they won't suffice} +\label{current} \section{MAC mechanisms}