From 71cc127a3244645441e50d911fbd5cb6ef57b2ce Mon Sep 17 00:00:00 2001 From: BritishTeapot Date: Mon, 10 Feb 2025 12:02:42 +0100 Subject: [PATCH] Updated README.md with usage and build instructions --- README.md | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 17cf6b2..db45191 100644 --- a/README.md +++ b/README.md @@ -2,14 +2,7 @@ ## Motivation -Traditional access control mechanisms in operating systems allow the same level -of access to all processes running on behalf of the same user. This typically -enables malicious processes to read and/or modify all data accessible to the -user running a vulnerable application. It can be dealt using various mandatory -access control mechanisms, but these are often complicated to configure and are -rarely used in common user oriented scenarios. This thesis focuses on design -and implementation of a file system layer which delegates the decision to allow -or deny access to a file system object by a specific process to the user. +Traditional access control mechanisms in operating systems allow the same level of access to all processes running on behalf of the same user. This typically enables malicious processes to read and/or modify all data accessible to the user running a vulnerable application. It can be dealt using various mandatory access control mechanisms, but these are often complicated to configure and are rarely used in common user oriented scenarios. This thesis focuses on design and implementation of a file system layer which delegates the decision to allow or deny access to a file system object by a specific process to the user. ## Goals @@ -17,6 +10,24 @@ or deny access to a file system object by a specific process to the user. - Implement the solution using the FUSE framework - Test the solution and demonstrate its benefits +## Building + +* Install dependencies + + fuse, libfuse (v3 or later) + - Debian: `sudo apt install fuse3 libfuse3-dev` + + zenity + - Debian: `sudo apt install zenity` +* Build using `make`: + + In the project directory: `make` + + Use `make DEBUG=1` for testing. +* Resulting binaries should appear in the `build` directory. + +## Usage + +`icfs [target directory]` + +The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. + ## Docs - [Initial idea and motivation](./docs/bc-thesis-idea.md)