Compare commits
3 Commits
c705f9adca
...
560bf8a7e0
Author | SHA1 | Date | |
---|---|---|---|
560bf8a7e0 | |||
5b4651c759 | |||
b6bc440f5a |
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
./build/*
|
21
Makefile
Normal file
21
Makefile
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
|
||||||
|
CC := gcc
|
||||||
|
CXX := g++
|
||||||
|
|
||||||
|
O_LDFLAGS :=
|
||||||
|
O_CFLAGS := -O3
|
||||||
|
|
||||||
|
O_LDFLAGS_DEBUG :=
|
||||||
|
O_CFLAGS_DEBUG := -pedantic -Wall -Wextra -Wcast-align -Wcast-qual -Wctor-dtor-privacy -Wdisabled-optimization -Wformat=2 -Winit-self -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wnoexcept -Wold-style-cast -Woverloaded-virtual -Wredundant-decls -Wshadow -Wsign-conversion -Wsign-promo -Wstrict-null-sentinel -Wstrict-overflow=5 -Wswitch-default -Wundef -Wno-unused -Weffc++
|
||||||
|
|
||||||
|
I_LDFLAGS := -lfuse3 -pthread
|
||||||
|
I_CFLAGS := -I/usr/include/fuse -D_FILE_OFFSET_BITS=64
|
||||||
|
|
||||||
|
SOURCES_DIR := ./sources
|
||||||
|
BUILD_DIR := ./build
|
||||||
|
|
||||||
|
build: $(SOURCES_DIR)/main.cpp
|
||||||
|
$(CXX) $(O_CFLAGS) $(I_CFLAGS) $(SOURCES_DIR)/main.cpp $(O_LDFLAGS) $(I_LDFLAGS) -o $(BUILD_DIR)/icfs
|
||||||
|
|
||||||
|
dev-build: $(SOURCES_DIR)/main.cpp
|
||||||
|
$(CXX) $(O_CFLAGS_DEBUG) $(I_CFLAGS) $(SOURCES_DIR)/main.cpp $(O_LDFLAGS_DEBUG) $(I_LDFLAGS) -o $(BUILD_DIR)/icfs
|
32
README.md
32
README.md
@ -1,20 +1,30 @@
|
|||||||
# ICFS -- Interactively Controlled File System.
|
# ICFS -- Interactively Controlled File System
|
||||||
|
|
||||||
## Motivation
|
## Motivation
|
||||||
|
|
||||||
Traditional access control mechanisms in operating systems allow the same level of access to all processes running on behalf of the same user. This typically enables malicious processes to read and/or modify all data accessible to the user running a vulnerable application. It can be dealt using various mandatory access control mechanisms, but these are often complicated to configure and are rarely used in common user oriented scenarios. This thesis focuses on design and implementation of a filesystem layer which delegates the decision to allow or deny access to a filesystem object by a specific process to the user.
|
Traditional access control mechanisms in operating systems allow the same level
|
||||||
|
of access to all processes running on behalf of the same user. This typically
|
||||||
|
enables malicious processes to read and/or modify all data accessible to the
|
||||||
|
user running a vulnerable application. It can be dealt using various mandatory
|
||||||
|
access control mechanisms, but these are often complicated to configure and are
|
||||||
|
rarely used in common user oriented scenarios. This thesis focuses on design
|
||||||
|
and implementation of a file system layer which delegates the decision to allow
|
||||||
|
or deny access to a file system object by a specific process to the user.
|
||||||
|
|
||||||
## Goals
|
## Goals
|
||||||
* analyse the problem and design a solution
|
|
||||||
* implement the solution using the FUSE framework
|
- Analyze the problem and design a solution
|
||||||
* test the solution and demonstrate its benefits
|
- Implement the solution using the FUSE framework
|
||||||
|
- Test the solution and demonstrate its benefits
|
||||||
|
|
||||||
## Docs
|
## Docs
|
||||||
* [Initial idea and motivation](./docs/bc-thesis-idea.md)
|
|
||||||
* [Some identified issues](./docs/bc-thesis-problems.md)
|
- [Initial idea and motivation](./docs/bc-thesis-idea.md)
|
||||||
* [Formal specification](./docs/bc-thesis-specs.md)
|
- [Some identified issues](./docs/bc-thesis-problems.md)
|
||||||
|
- [Formal specification](./docs/bc-thesis-specs.md)
|
||||||
|
|
||||||
## Credit
|
## Credit
|
||||||
|
|
||||||
*Student:* Fedir Kovalov
|
_Student:_ Fedir Kovalov
|
||||||
|
|
||||||
*Supervisor:* RNDr. Jaroslav Janáček, PhD.
|
_Supervisor:_ RNDr. Jaroslav Janáček, PhD.
|
||||||
|
23
sources/main.cpp
Normal file
23
sources/main.cpp
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
|
||||||
|
#define FUSE_USE_VERSION 31
|
||||||
|
|
||||||
|
#include <fuse3/fuse.h>
|
||||||
|
|
||||||
|
static void *hello_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
|
||||||
|
(void)conn;
|
||||||
|
cfg->kernel_cache = 1;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static const struct fuse_operations hello_oper = {
|
||||||
|
.init = hello_init,
|
||||||
|
};
|
||||||
|
|
||||||
|
int main(int argc, char *argv[]) {
|
||||||
|
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
ret = fuse_main(argc, argv, &hello_oper, NULL);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user