2024-11-17 20:23:00 +01:00
|
|
|
# ICFS -- Interactively Controlled File System
|
2024-11-13 15:26:45 +01:00
|
|
|
|
2024-11-17 20:23:00 +01:00
|
|
|
## Motivation
|
2024-11-13 15:29:10 +01:00
|
|
|
|
2024-11-17 20:23:00 +01:00
|
|
|
Traditional access control mechanisms in operating systems allow the same level
|
|
|
|
|
of access to all processes running on behalf of the same user. This typically
|
|
|
|
|
enables malicious processes to read and/or modify all data accessible to the
|
|
|
|
|
user running a vulnerable application. It can be dealt using various mandatory
|
|
|
|
|
access control mechanisms, but these are often complicated to configure and are
|
|
|
|
|
rarely used in common user oriented scenarios. This thesis focuses on design
|
|
|
|
|
and implementation of a file system layer which delegates the decision to allow
|
|
|
|
|
or deny access to a file system object by a specific process to the user.
|
2024-11-13 15:29:10 +01:00
|
|
|
|
|
|
|
|
## Goals
|
2024-11-17 20:23:00 +01:00
|
|
|
|
|
|
|
|
- Analyze the problem and design a solution
|
|
|
|
|
- Implement the solution using the FUSE framework
|
|
|
|
|
- Test the solution and demonstrate its benefits
|
2024-11-13 20:16:31 +01:00
|
|
|
|
|
|
|
|
## Docs
|
2024-11-17 20:23:00 +01:00
|
|
|
|
|
|
|
|
- [Initial idea and motivation](./docs/bc-thesis-idea.md)
|
|
|
|
|
- [Some identified issues](./docs/bc-thesis-problems.md)
|
|
|
|
|
- [Formal specification](./docs/bc-thesis-specs.md)
|
|
|
|
|
|
2024-11-14 10:14:42 +01:00
|
|
|
## Credit
|
2024-11-14 10:16:54 +01:00
|
|
|
|
2024-11-17 20:23:00 +01:00
|
|
|
_Student:_ Fedir Kovalov
|
2024-11-14 10:16:54 +01:00
|
|
|
|
2024-11-17 20:23:00 +01:00
|
|
|
_Supervisor:_ RNDr. Jaroslav Janáček, PhD.
|
