fedir/ICFS-thesis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added cleveref and made better chapter description in the intro.

Browse Source
This commit is contained in:
fedir 2025-04-12 18:16:09 +02:00
parent ee20625590
commit 02626dc6dc
Signed by: fedir
GPG Key ID: C959EE85F0C9362C
7 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
accesscontrol.tex
View File

@ -1,4 +1,5 @@
\chapter{Filesystem access control on Linux} \chapter{Filesystem access control on Linux}
\label{access}
\section{Traditional UNIX Filesystem Access Control Policies} \section{Traditional UNIX Filesystem Access Control Policies}

1
approach.tex
View File

@ -1,4 +1,5 @@
\chapter{Interactively Controlled File System} \chapter{Interactively Controlled File System}
\label{icfs}
In this section we present the solution developed as a part of this thesis, named \emph{Interactively Controlled File System} (or ICFS for short). In this section we present the solution developed as a part of this thesis, named \emph{Interactively Controlled File System} (or ICFS for short).

1
implementation.tex
View File

@ -1,4 +1,5 @@
\chapter{Implementation} \chapter{Implementation}
\label{impl}
This chapter describes the software design and architecture, and the way that they help to solve the problem. The following sections describe the FUSE framework, different methods used to store access permissions of processes and the way the chosen architecture is designed to resist unauthorised access to the filesystem. This chapter describes the software design and architecture, and the way that they help to solve the problem. The following sections describe the FUSE framework, different methods used to store access permissions of processes and the way the chosen architecture is designed to resist unauthorised access to the filesystem.

3
intro.tex
View File

@ -1,4 +1,5 @@
\chapter*{Introduction} \chapter*{Introduction}
\label{intro}
\addcontentsline{toc}{chapter}{Introduction} \addcontentsline{toc}{chapter}{Introduction}
\markboth{Introduction}{Introduction} \markboth{Introduction}{Introduction}
@ -24,4 +25,4 @@ Over the years, various mandatory access control (MAC) mechanisms, such as SELin
In this thesis we introduce our approach to file system access control that empowers users to make real-time decisions about which processes or applications should have access to specific file system objects. By integrating an interactive decision-making layer into the file system, this solution aims to bridge the gap between the security benefits of MAC mechanisms and the simplicity required for widespread adoption. The proposed system delegates access control decisions to the user, enabling them to grant or deny access to individual processes or applications on a per-object basis. This approach not only enhances security but also maintains the flexibility and usability that are critical for user-oriented systems. In this thesis we introduce our approach to file system access control that empowers users to make real-time decisions about which processes or applications should have access to specific file system objects. By integrating an interactive decision-making layer into the file system, this solution aims to bridge the gap between the security benefits of MAC mechanisms and the simplicity required for widespread adoption. The proposed system delegates access control decisions to the user, enabling them to grant or deny access to individual processes or applications on a per-object basis. This approach not only enhances security but also maintains the flexibility and usability that are critical for user-oriented systems.
The rest of this thesis is organised as follows: Chapter 1 provides a review of existing access control mechanisms and their limitations. Chapter 2 outlines the design objectives, architecture, and the interactive component of the proposed file system layer. Chapter 3 describes the implementation process, including the tools and techniques used to develop the system. Chapter 4 presents experimental results and evaluates the performance and security benefits of the proposed solution. Finally, in Chapter 5 we describe some limitations of the proposed solution, and discuss the potential for further development. The rest of this thesis is organised as follows: \Cref{access} and \cref{current} provides a review of existing access control mechanisms and their limitations. \Cref{icfs} outlines the design objectives, architecture, and the interactive component of the proposed file system layer. \Cref{impl} describes the implementation process, including the tools and techniques used to develop the system. Finally, in \cref{eval} we present experimental results, evaluate the performance, security benefits and limitations of the proposed solution, and discuss the potential for further development.

BIN
main-en.pdf
View File

Binary file not shown.

4
main-en.tex
View File

@ -13,6 +13,8 @@
%quotes %quotes
\usepackage{dirtytalk} \usepackage{dirtytalk}
%zapnutie slovenskeho delenia slov %zapnutie slovenskeho delenia slov
%a automatickych nadpisov ako Obsah, Obrázok a pod. v slovencine %a automatickych nadpisov ako Obsah, Obrázok a pod. v slovencine
%\usepackage[slovak]{babel} % vypnite pre prace v anglictine! %\usepackage[slovak]{babel} % vypnite pre prace v anglictine!
@ -41,6 +43,8 @@
% zrusime farebne ramiky okolo liniek aby pdf % zrusime farebne ramiky okolo liniek aby pdf
% vyzeralo rovnako ako tlacena verzia % vyzeralo rovnako ako tlacena verzia
\usepackage[hidelinks,breaklinks]{hyperref} \usepackage[hidelinks,breaklinks]{hyperref}
%fancy references
\usepackage{cleveref}
% ------------------- % -------------------
% --- REMOVE BEFORE PUBLISHING % --- REMOVE BEFORE PUBLISHING

1
motivation.tex
View File

@ -1,6 +1,7 @@
\chapter{Current solutions, and why they won't suffice} \chapter{Current solutions, and why they won't suffice}
\label{current}
\section{MAC mechanisms} \section{MAC mechanisms}