# ICFS -- Interactively Controlled File System

## Motivation

Traditional access control mechanisms in operating systems allow the same level
of access to all processes running on behalf of the same user. This typically
enables malicious processes to read and/or modify all data accessible to the
user running a vulnerable application. This can be addressed with various mandatory
access control mechanisms, but these are often complicated to configure and are
rarely used in common user-oriented scenarios. This thesis focuses on the design
and implementation of a file system layer which delegates the decision to allow
or deny access to a file system object by a specific process to the user.

## Goals

- Analyze the problem and design a solution
- Implement the solution using the FUSE framework
- Test the solution and demonstrate its benefits

## Docs

- [Initial idea and motivation](./docs/bc-thesis-idea.md)
- [Some identified issues](./docs/bc-thesis-problems.md)
- [Formal specification](./docs/bc-thesis-specs.md)

## Credit

_Student:_ Fedir Kovalov

_Supervisor:_ RNDr. Jaroslav Janáček, PhD.