\chapter*{Introduction}
\label{intro}
\addcontentsline{toc}{chapter}{Introduction}
\markboth{Introduction}{Introduction}
\iffalse
The introduction contains:
\begin{itemize}
\item the state of things
\item The problem
\item Existing solutions and why they don't work
\item our approach
\item the layout of the thesis
\end{itemize}
\fi
In modern operating systems, access control mechanisms are fundamental to ensuring the confidentiality, integrity, and availability of system resources. These mechanisms dictate how users and processes interact with system objects such as files, directories, and devices. However, traditional access control models, such as the discretionary access control (DAC) employed by Linux and other Unix-like systems, operate under the assumption that all processes running under the same user account should have the same level of access to system resources. While this simplifies user management and permissions, it can introduce significant security risks.
The problem arises when a process or application running under a user's account becomes compromised. In such cases, the malicious code or exploit can leverage the user's existing permissions to access or modify sensitive data, potentially leading to data breaches or other security incidents. This fundamental limitation of traditional access control mechanisms underscores the need for a more granular and dynamic approach to file system access control.
Over the years, various mandatory access control (MAC) mechanisms, such as SELinux (Security-Enhanced Linux) and AppArmor, have been developed to address these limitations. These systems enforce access control policies at a more granular level, often based on labels or rules defined by system administrators. While these mechanisms are effective in certain scenarios, they are generally complex to configure and require significant expertise to maintain. As a result, they are rarely adopted in common user-oriented environments, where simplicity and ease of use are paramount.
In this thesis we introduce our approach to file system access control that empowers users to make real-time decisions about which processes or applications should have access to specific file system objects. By integrating an interactive decision-making layer into the file system, this solution aims to bridge the gap between the security benefits of MAC mechanisms and the simplicity required for widespread adoption. The proposed system delegates access control decisions to the user, enabling them to grant or deny access to individual processes or applications on a per-object basis. This approach not only enhances security but also maintains the flexibility and usability that are critical for user-oriented systems.
The rest of this thesis is organised as follows: \Cref{access} and \cref{current} provide a review of existing access control mechanisms and their limitations. \Cref{icfs} outlines the design objectives, architecture, and the interactive component of the proposed file system layer. \Cref{impl} describes the implementation process, including the tools and techniques used to develop the system. Finally, in \cref{eval} we present experimental results, evaluate the performance, security benefits and limitations of the proposed solution, and discuss the potential for further development.