Sandbox Implementation Project
Overview
This is the second comprehensive project given to the students. It is intended to make them understand almost all the fundamental concepts they have learnt in class about the sandboxing mechanism. A sandbox provides an isolated environment in which we can monitor and restrict all system calls, thus controlling at the operating system level any harm an application can do. All students implement the sandboxing concepts that have been taught in the computer security course. In a sandbox, all child processes of a process are also restricted to the sandbox. After a command is issued by the user in the sandbox, all interactions with the operating system are controlled through system calls. When a process makes a system call, the sandbox checks it first and then decides whether or not to allow the call.
The sandbox is implemented as part of the Minix system in order to monitor and understand the concepts of sandboxing. For Minix sandboxing, the students need to know the mapping of the three main functionalities upon which they construct the sandbox. The three functionalities they need to concentrate on are located at:
(1) User level
(2) Library level
(3) Kernel level
By restricting and tracing any system call made in the system, a sandbox reduces the level of damage that could be inflicted on the system. When a command is run in a sandbox it is started in a "clean" state: its descriptor space and environment are cleared. Before a sandboxed process begins running, resource limits are set up to prevent it from using an undesirable amount of memory, number of processes, etc. After a command is started in a sandbox, all its interactions with the operating system are regulated through system call interposition. When a sandboxed process makes a system call, that process is paused while the sandbox application decides whether or not to allow the call to proceed.
Prerequisites
- Have a basic understanding of the concept of a sandbox. (Note: we have given the JANUS sandbox as a reference for the students. The tar file for JANUS can be found at http://web.syr.edu/~sasankar/code.html)
- Go through the JANUS source code that is put up on my webpage (http://web.syr.edu/~sasankar/code.html).
- Go through the presentation about the JANUS sandbox implementation.
- Knowledge about system call interposition, race conditions, security policies, security in the OS kernel, and file systems.
Challenges in the project
1. Sandbox Building – In my opinion, this is the hardest step. The building involves two steps: one is to write the program which intercepts the system call, and the second is to check the system call at the kernel level to decide whether to allow it or not. The design of this part of the system is up to you. This forms the major part of the sandbox mechanism.
2. System Call Interposition – This is another important part of the project and one of the important techniques used to improve security. There are several ways to achieve it, some using user-space utilities and some requiring kernel modification. You are required to think about how you want to implement this part.
3. Process Tracing – This is yet another important part, where you need to think about monitoring the behavior of the processes that are running in your sandbox. How you are going to trace and monitor them is an important implementation issue.
4. Interprocess Communication – Think about the interprocess communication part. Will it affect your implementation? What are the challenges? Once a process has access to a shared memory segment, it is allowed to do whatever it wants with it, including attaching it to the data segment of the calling process, detaching it from the data segment, etc.
5. Security Policies – This is yet another challenging part of the project, and one of the important decisions any access control mechanism has to consider. A sandbox needs to enforce some security policies. Students need to define what policies the sandbox should enforce, how they define those policies, whether the policies are flexible, and how they can be enforced. Students need to define the policy language and allow the policy to be changeable.
6. Security Issues – What are the potential security issues that you may encounter in the project? For example, how can race conditions, the symbolic link problem, etc. be solved?
Requirements & Some Important Things:
Students are required to design and implement a working sandbox mechanism for the Minix operating system. Students can work individually or in a group of 2-3 people. The whole system has to be designed and implemented to match the set of requirements stated below. We will award bonus points to those students who provide creative and useful features.
You are required to submit a post-lab report, which will contain the design of your implementation, how you are planning to do the implementation, and all the relevant details that you think would be needed. This report should be submitted within 10 days of the requirements being posted. Students will lose points if they do not meet the deadline. Each group will have to demonstrate the system (demo) after the implementation.
Requirement 1
Demonstrate how you are planning to run the sandbox and how you have developed the sandbox. What are the key decisions you have taken with regard to this requirement?
Requirement 2
You have to demonstrate the whole implementation at the kernel level.
Requirement 3
The architecture should enable individual users to run system calls of their choice, and the sandbox should decide whether or not to allow them. Your policy file has to be flexible so that you can define changes.
Requirement 4
Your implementation should demonstrate system call interposition and how well you
have monitored and traced the system calls. If the sandbox denies access to a particular
system call, then an error message should be displayed saying “Access Denied”.
Requirement 5
Your system should demonstrate effective policy management. How and where have you defined your policy file? What are the key decisions you have made?
Requirement 6
Bonus points will be awarded to students who demonstrate effective security management (for example, if you overcame the security problems mentioned above as part of your creative design).
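A minimal policy engine of the kind Requirements 3 to 5 ask for, written here as an added example that is not part of the course materials, JANUS or Minix: it parses a hypothetical allow/deny rule format (the format, the syscall names and the sample policy are all assumptions), decides each intercepted call with a default of deny, and reports "Access Denied" for a refused call. The path-resolution caveat in the comments is the symbolic-link and race issue raised under challenge 6.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical policy language (an assumption, not the course's format): one rule per line,
   "<allow|deny> <syscall|*> [path-prefix]"; the first matching rule wins, no match means deny. */
#define MAX_RULES 64
typedef struct { int allow; char syscall[32]; char prefix[256]; } rule_t;
typedef struct { rule_t rules[MAX_RULES]; int n; } policy_t;
/* Parse policy text into rules; returns the rule count, or -1 on a malformed line. */
int policy_parse(policy_t *p, const char *text) {
    p->n = 0;
    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        char lb[512], verb[8], name[32], prefix[256] = "";
        if (len >= sizeof lb) return -1;
        memcpy(lb, text, len); lb[len] = '\0';
        text += nl ? len + 1 : len;
        if (lb[0] == '#' || lb[0] == '\0') continue;          /* comment or blank line */
        if (p->n >= MAX_RULES || sscanf(lb, "%7s %31s %255s", verb, name, prefix) < 2) return -1;
        rule_t *r = &p->rules[p->n++];
        if (strcmp(verb, "allow") == 0) r->allow = 1;
        else if (strcmp(verb, "deny") == 0) r->allow = 0;
        else return -1;
        snprintf(r->syscall, sizeof r->syscall, "%s", name);
        snprintf(r->prefix, sizeof r->prefix, "%s", prefix);
    }
    return p->n;
}
/* Decide one intercepted call. `path` must be the path argument the sandbox has ALREADY resolved (symlinks
   followed, made absolute) or NULL; checking the raw user string is the symlink/race problem the assignment warns about. */
int policy_check(const policy_t *p, const char *syscall, const char *path) {
    for (int i = 0; i < p->n; i++) {
        const rule_t *r = &p->rules[i];
        if (strcmp(r->syscall, "*") != 0 && strcmp(r->syscall, syscall) != 0) continue;
        if (r->prefix[0] && (!path || strncmp(path, r->prefix, strlen(r->prefix)) != 0)) continue;
        return r->allow;
    }
    return 0;   /* default deny: anything the policy does not mention is refused */
}
/* Constructed sample policy (not from the course) and a helper that checks one call against it. */
static const char SAMPLE_POLICY[] = "# constructed policy\nallow open /home/sandbox\n"
                                    "deny open /etc\nallow read\nallow write\ndeny fork\n";
int sample_check(const char *syscall, const char *path) {
    policy_t p;
    return policy_parse(&p, SAMPLE_POLICY) < 0 ? -1 : policy_check(&p, syscall, path);
}
int main(void) {   /* what the interposition layer reports when it refuses a call */
    printf("open(/etc/passwd): %s\n", sample_check("open", "/etc/passwd") == 1 ? "allowed" : "Access Denied"); return 0;
}
```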
Demo for the project
After the students complete the project, each of them will present what they have
implemented.
1. Students are entirely responsible for showing the demo, in the way they feel is in accordance with the project. We will not even touch the keyboard during the demonstration, so don't depend on us to test your system. If you fail to demo the important features of your system, we will assume that your system does not have those features.
2. The total time of the demo will be 15 minutes; no additional time will be given. So prepare your demonstration so that you can cover the important features.
3. During the demo, you should consider yourselves salesmen who want to sell your system to us. You are given 15 minutes to show us how good your system is, so think about your sales strategy. If you have implemented a great system but fail to show us how good it is, you won't get a good grade.
Some General Guidelines
- Try running JANUS and see how it works to get an overall picture.
- Play around with the sample sandbox code to become comfortable with how it works.
- Please look at the Janus sandboxing paper to get an overall idea of a sandbox.
Documents & websites
- Janus Sandbox implementation [PDF]
- Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools [PDF]
- Sandboxing Applications [PDF]