DOCSLIB.ORG

All Computer Applications Need to Store and Retrieve Information

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

MyFS: An Enhanced File System for MINIX A Dissertation Submitted in partial fulfillment of the requirement for the award of the degree of MASTER OF ENGINEERING ( COMPUTER TECHNOLOGY & APPLICATIONS ) By ASHISH BHAWSAR College Roll No. 05/CTA/03 Delhi University Roll No. 3005 Under the guidance of Prof. Asok De Department Of Computer Engineering Delhi College Of Engineering, New Delhi-110042 (University of Delhi) July-2005 1 CERTIFICATE This is to certify that the dissertation entitled “MyFS: An Enhanced File System for MINIX” submitted by Ashish Bhawsar in the partial fulfillment of the requirement for the award of degree of Master of Engineering in Computer Technology and Application, Delhi College of Engineering is an account of his work carried out under my guidance and supervision. Professor D. Roy Choudhury Professor Asok De Head of Department Head of Department Department of Computer Engineering Department of Information Technology Delhi College of Engineering Delhi College of Engineering Delhi Delhi 2 ACKNOWLEDGEMENT It is a great pleasure to have the opportunity to extent my heartiest felt gratitude to everybody who helped me throughout the course of this project. I would like to express my heartiest felt regards to Dr. Asok De, Head of the Department, Department of Information Technology for the constant motivation and support during the duration of this project. It is my privilege and owner to have worked under the supervision. His invaluable guidance and helpful discussions in every stage of this thesis really helped me in materializing this project. It is indeed difficult to put his contribution in few words. I would also like to take this opportunity to present my most sincere regards to Dr. Goldie Gabrani, Assistant Professor, Department of Computer Engineering, for her able guidance and support. I would also like to take this opportunity to present my sincere regards to my teachers viz. Professor D. Roy Choudhury, Dr S. K. Saxena, Mr. Rajeev Kumar and Mrs. Rajni Jindal for their support and encouragement. I am thankful to my friends and classmates for their unconditional support and motivation during this project. Ashish Bhawsar M.E. (Computer Technology & Applications) College Roll No. 05/CTA/03 Delhi University Roll No. 3005 3 ABSTRACT In this dissertation, design and implementation of an enhanced MINIX file system MyFS for MINIX operating system has been proposed and implemented. This design is for MINIX operating system and MyFS is modified version of MINIX file system with some new features, like append-only, immutable files/directories and secure deletion. MINIX file system has some limitations. MyFS, is an effort to enhance the existing MINIX file system, and also include some new features. In MINIX file system maximum file size is restricted to nearly 65 MB. MyFS lift this restriction and is capable to handle the files of large size. The maximum file size limit is extended to 4GB nearly. MyFS uses the triple indirect blocks to implement support for large files, which have not been used in existing MINIX file system. Two new types of file and directory have been added; append-only and immutable files/directories. These new type of files have are being provided in many modern operating systems, and have been proved very useful to store sensitive system and configuration information. Another new feature of secure file deletion has been added. File systems just delete the references of the file and leave the file data undeleted, which can be recovered by recovery software. Moreover some special techniques can recover the data after overwriting. [5] To securely delete the user data from the disk some specific data patterns are to be write on the disk data blocks.[5] Secure deletion feature tries to delete user file data by overwriting such patterns on the disk. This dissertation is focusing on the design and implementation of these modifications. This design does not propose a new file system from the scratch but suggest modification for enhancement in the existing MINIX file system. 4 Contents 1. Problem Definition and Introduction…………………………………... 1.1 Literature survey…………………………………………….……………... 1.1.1 What is an operating system? ……………………….………….…. 1.1.2 Types of operating systems………………………….…..………… 1.1.3 File system : overview……………………………………………... 1.1.4 File systems in UNIX like OSs…………………………………….. 1.2 Problem Description.………………………………………………………. 1.3 Thesis organization………………………………………………………… 2. File System Concepts……………………………………………………. 2.1 Introduction………………………………………………………………... 2.1.1 Various File Systems ……………………………………………… 2.2 File Concepts ……………………………………………………………… 2.2.1 File Naming ……………………………………………………….. 2.2.2 File Structure ……………………………………………………… 2.2.3 File Access…………………………………………………………. 2.2.4 File Attributes……………………………………………………… 2.2.5 File Operations…………………………………………………….. 2.3 Implementation of Files …………………………………………………… 2.3.1 Contiguous Allocation ……………………………………………. 2.3.2 Linked List Allocation …………………………………………….. 2.3.3 Linked List Allocation Using an Index …………………………… 2.3.4 I-NODES ………………………………………………………….. 2.4 Directories…………………………………………………………………. 2.4.1 Directories in UNIX……………………………………………….. 2.5 Disk Space Management…………………………………………………... 2.5.1 Keeping Track of Free Block……………………………………… 2.6 Protection Mechanisms…………………………………………………….. 2.6.1 Protection Domains………………………………………………... 3. Overview of the MINIX File System .. ……………………………… 3.1 System Calls……………………………………………………………….. 3.2 File System Structure ……………………………………………………… 3.2.1 Super 3.2.2 Block…………………………………………..…………………… 3.2.3 Bit Maps…………………………………………………………… 3.2.4 I-nodes…………………………………………..………………… 3.2.5 Directories…………………………………………..……………... 3.2.6 File Descriptors……………………………………………………. 3.3 File Locking ……………………………………………………………….. 3.4 Pipes and Special Files…………………………………………………… 5 3.5 Mounting Operation……………………………………………….…….. 4. MyFS: Concepts and Design….…..…………………………………….. 4.1 Limitations of existing MINIX File System…….…………………………. 4.2 Concepts ……………………………………….………………………….. 4.2.1 Large Data Blocks ………………………………………………… 4.2.2 Large files …………………………………………………………. 4.2.3 Append only File/Directory ………………………………………. 4.2.4 Immutable File/Directory …………………………………………. 4.2.5 Secure Deletion……………………………………………………. 4.2.5.6 Erasure of Data stored on Magnetic Media………………. 4.3 Design Issues 4.4 Design……………………………………………………………………… 4.4.1 Large Files…………………………………………………………. 4.4.2 Append-only and Immutable Files………………………………… 4.4.3 Change in Super Block…………………………………………….. 4.4.4 Secure Deletion of Files…………………………………………… 5. MyFS: Implementation…………………………………………….……. 5.1 Support for backward compatibility ………………………………………. 5.2 Description of various features implemented …………..………………… 5.2.1 Regular file system check …………….…………………………... 5.2.2 Large files………………………………………………………….. 5.2.3 Append-only and Immutable Files/directories…………………….. 5.2.4 Secure Deletion of Files…………………………………………... 5.2.5 Large Data Block ……………………………………………….…. 6. Conclusions and Future Work………………………………………….. 6.1 Conclusion………………….……………………………………………… 6.2 Future work………………….……………………………………………... References…………………………………………………………….….….. Source Code...……………………………………………………………….. 6 CHAPTER 1 PROBLEM DEFINITION AND INTRODUCTION 1.1 Literature survey Before having problem introduction, first we summarize a few basic terms and ideas related to operating systems in this section. 1.1.1 What is an Operating System? An operating system (OS) is the system software responsible for the direct control and management of hardware and basic system operations. Additionally, it provides a foundation upon which to run application software. The operating system ensures that other applications are able to use memory, input and output devices and have access to the file system. If multiple applications are running, the operating system schedules these such that all processes have sufficient processor time where possible and do not interfere with each other. In general, the operating system is the first layer of software loaded into computer memory when it starts up. As the first software layer, all other software that gets loaded after it depends on this software to provide them with various common core services. These common core services include disk access, memory management, task scheduling, and user interfacing. Since these basic common services are assumed to be provided by the OS. Some examples of operating systems: UNIX like OS’s (which consists of all UNIX from BSD (FreeBSD) and Linux, Mac OS, Microsoft Windows, Solaris, MS-DOS, CP/M and AmigaOS. An operating system is conceptually broken into three sets of components: a user interface (which may consist of a GUI and/or a command line interpreter or "shell"), low-level system 7 utilities, and a kernel--which is the heart of the operating system. As the name implies, the shell is an outer wrapper to the kernel, which in turn talks directly to the hardware. The portion of code that performs these core services is called the "kernel" of the operating system. Compiler Banking System Web Browser Application Programs Shell Kernel Hardware Figure 1.1 Components of Operating System The kernel is the core of an operating system. It is a piece of software responsible for providing secure access to the machine's hardware and to various computer processes (a process is a computer program in a state of execution). Since there are many programs, and hardware access is limited, the kernel also decides when and how long a program should be able to make use of a piece of hardware, which is called scheduling.
Recommended publications
  • Ebook - Informations About Operating Systems Version: August 15, 2006 | Download

    Ebook - Informations About Operating Systems Version: August 15, 2006 | Download

    eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org AIX Internet: AIX AmigaOS Internet: AmigaOS AtheOS Internet: AtheOS BeIA Internet: BeIA BeOS Internet: BeOS BSDi Internet: BSDi CP/M Internet: CP/M Darwin Internet: Darwin EPOC Internet: EPOC FreeBSD Internet: FreeBSD HP-UX Internet: HP-UX Hurd Internet: Hurd Inferno Internet: Inferno IRIX Internet: IRIX JavaOS Internet: JavaOS LFS Internet: LFS Linspire Internet: Linspire Linux Internet: Linux MacOS Internet: MacOS Minix Internet: Minix MorphOS Internet: MorphOS MS-DOS Internet: MS-DOS MVS Internet: MVS NetBSD Internet: NetBSD NetWare Internet: NetWare Newdeal Internet: Newdeal NEXTSTEP Internet: NEXTSTEP OpenBSD Internet: OpenBSD OS/2 Internet: OS/2 Further operating systems Internet: Further operating systems PalmOS Internet: PalmOS Plan9 Internet: Plan9 QNX Internet: QNX RiscOS Internet: RiscOS Solaris Internet: Solaris SuSE Linux Internet: SuSE Linux Unicos Internet: Unicos Unix Internet: Unix Unixware Internet: Unixware Windows 2000 Internet: Windows 2000 Windows 3.11 Internet: Windows 3.11 Windows 95 Internet: Windows 95 Windows 98 Internet: Windows 98 Windows CE Internet: Windows CE Windows Family Internet: Windows Family Windows ME Internet: Windows ME Seite 1 von 138 eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org Windows NT 3.1 Internet: Windows NT 3.1 Windows NT 4.0 Internet: Windows NT 4.0 Windows Server 2003 Internet: Windows Server 2003 Windows Vista Internet: Windows Vista Windows XP Internet: Windows XP Apple - Company Internet: Apple - Company AT&T - Company Internet: AT&T - Company Be Inc. - Company Internet: Be Inc. - Company BSD Family Internet: BSD Family Cray Inc.
  • Lettera Dell'alfabeto Turco, La Quale Si Usa Anche Con Gli Accenti Aggiuntivi Per Comporre Ì, Í, Ï

    Lettera Dell'alfabeto Turco, La Quale Si Usa Anche Con Gli Accenti Aggiuntivi Per Comporre Ì, Í, Ï

    I ı senza punto [ ı ]. Lettera dell’alfabeto turco, la quale si usa anche con gli accenti aggiuntivi per comporre ì, í, ï, ĩ. i.e. → id est ialografia [dal gr. hýalos, «vetro», e grafia, dal gr. -graphía, der. di gráphō, «scrivere»]. Incisione su vetro. Si può anche impiegare come fototipo* per ottenere una forma di stampa. ialotipia [dal gr. hýalos, «vetro», e tipia, da tipo- dal lat. typus, gr. týpos, «impronta, carattere»]. Procedimento di stampa che utilizza lastre di zinco su cui sono riportate incisioni fatte su lastre di vetro. iato [dal lat. hiatus -us, der. di hiare, «aprirsi»]. Indica l’incontro di vocali non solo nel corpo d’una stessa parola, ma anche in fine e principio di due parole consecutive. (v. anche elisione). ib., ibid. → ibidem ibidem [it. in quello stesso luogo]. Termine latino, spesso abbreviato ib., che significa nello stesso luogo. Utilizzato nelle note a piè di pagina, consente di evitare di ripetere il titolo dell’opera citata subito prima. IBN → Index bio-bibliographicus notorum hominum (IBN). ibrida [ingl. hibrid; dal lat. hybrĭda «bastardo», di etimo incerto]. Termine utilizzato per definire una scrittura che mostra elementi di scritture diverse. ICA Acronimo di International Council of Archive (<www.ica.org>). icnografia [dal gr. ichnographía, comp. di íchnos, «traccia» e -graphía «-grafia»]. Rappresentazione grafica, in proiezione ortogonale, della sezione orizzontale di un edificio. Sinonimo di pianta. icòna [dal gr. biz. eikóna, gr. class. eikṓn -ónos, «immagine»]. 1. Immagine sacra, rappresentante il Cristo, la Vergine, uno o più santi, dipinta su tavoletta di legno o lastra di metallo, spesso decorata d’oro, argento e pietre preziose, tipica dell’arte bizantina e, in seguito, di quella russa e balcanica.
  • The Flask Security Architecture: System Support for Diverse Security Policies

    The Flask Security Architecture: System Support for Diverse Security Policies

    The Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure Computing Corporation Stephen Smalley, Peter Loscocco National Security Agency Mike Hibler, David Andersen, Jay Lepreau University of Utah http://www.cs.utah.edu/flux/flask/ Abstract and even many types of policies [1, 43, 48]. To be gen- erally acceptable, any computer security solution must Operating systems must be flexible in their support be flexible enough to support this wide range of security for security policies, providing sufficient mechanisms for policies. Even in the distributed environments of today, supporting the wide variety of real-world security poli- this policy flexibility must be supported by the security cies. Such flexibility requires controlling the propaga- mechanisms of the operating system [32]. tion of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted ac- Supporting policy flexibility in the operating system is cess rights. Previous systems are lacking in at least one a hard problem that goes beyond just supporting multi- of these areas. In this paper we present an operating ple policies. The system must be capable of supporting system security architecture that solves these problems. fine-grained access controls on low-level objects used to Control over propagation is provided by ensuring that perform higher-level functions controlled by the secu- the security policy is consulted for every security deci- rity policy. Additionally, the system must ensure that sion. This control is achieved without significant perfor- the propagation of access rights is in accordance with mance degradation through the use of a security decision the security policy.
  • Microkernels Meet Recursive Virtual Machines

    Microkernels Meet Recursive Virtual Machines

    Microkernels Meet Recursive Virtual Machines Bryan Ford Mike Hibler Jay Lepreau Patrick Tullmann Godmar Back Stephen Clawson Department of Computer Science, University of Utah Salt Lake City, UT 84112 [email protected] http://www.cs.utah.edu/projects/flux/ Abstract ªverticallyº by implementing OS functionalityin stackable virtual machine monitors, each of which exports a virtual Thispaper describes a novel approach to providingmod- machine interface compatible with the machine interface ular and extensible operating system functionality and en- on which it runs. Traditionally,virtual machines have been capsulated environments based on a synthesis of micro- implemented on and export existing hardware architectures kernel and virtual machine concepts. We have developed so they can support ªnaiveº operating systems (see Fig- a software-based virtualizable architecture called Fluke ure 1). For example, the most well-known virtual machine that allows recursive virtual machines (virtual machines system, VM/370 [28, 29], provides virtual memory and se- running on other virtual machines) to be implemented ef- curity between multiple concurrent virtual machines, all ®ciently by a microkernel running on generic hardware. exporting the IBM S/370 hardware architecture. Further- A complete virtual machine interface is provided at each more, special virtualizable hardware architectures [22, 35] level; ef®ciency derives from needing to implement only have been proposed, whose design goal is to allow virtual new functionality at each level. This infrastructure allows machines to be stacked much more ef®ciently. common OS functionality, such as process management, demand paging, fault tolerance, and debugging support, to This paper presents a new approach to OS extensibil- be provided by cleanly modularized, independent, stack- ity which combines both microkernel and virtual machine able virtual machine monitors, implemented as user pro- concepts in one system.
  • Composing Abstractions Using the Null-Kernel

    Composing Abstractions Using the Null-Kernel

    Composing Abstractions using the null-Kernel James Litton Deepak Garg University of Maryland Max Planck Institute for Software Systems Max Planck Institute for Software Systems [email protected] [email protected] Peter Druschel Bobby Bhattacharjee Max Planck Institute for Software Systems University of Maryland [email protected] [email protected] CCS CONCEPTS hardware, such as GPUs, crypto/AI accelerators, smart NICs/- • Software and its engineering → Operating systems; storage devices, NVRAM etc., and to efficiently support new Layered systems; • Security and privacy → Access control. application requirements for functionality such as transac- tional memory, fast snapshots, fine-grained isolation, etc., KEYWORDS that demand new OS abstractions that can exploit existing hardware in novel and more efficient ways. Operating Systems, Capability Systems At its core, the null-Kernel derives its novelty from being ACM Reference Format: able to support and compose across components, called Ab- James Litton, Deepak Garg, Peter Druschel, and Bobby Bhattachar- stract Machines (AMs) that provide programming interfaces jee. 2019. Composing Abstractions using the null-Kernel. In Work- at different levels of abstraction. The null-Kernel uses an ex- shop on Hot Topics in Operating Systems (HotOS ’19), May 13–15, 2019, Bertinoro, Italy. ACM, New York, NY, USA, 6 pages. https: tensible capability mechanism to control resource allocation //doi.org/10.1145/3317550.3321450 and use at runtime. The ability of the null-Kernel to support interfaces at different levels of abstraction accrues several 1 INTRODUCTION benefits: New hardware can be rapidly deployed using rela- tively low-level interfaces; high-level interfaces can easily Abstractions imply choice, one that OS designers must con- be built using low-level ones; and applications can benefit front when designing a programming interface to expose.
  • Microkernel Construction Introduction

    Microkernel Construction Introduction

    Microkernel Construction Introduction Nils Asmussen 04/09/2020 1 / 32 Normal Organization Thursday, 4th DS, 2 SWS Slides: www.tudos.org ! Studies ! Lectures ! MKC Subscribe to our mailing list: www.tudos.org/mailman/listinfo/mkc2020 In winter term: Microkernel-based operating systems (MOS) Various labs 2 / 32 Organization due to COVID-19 Slides and video recordings of lectures will be published Questions can be asked on the mailing list Subscribe to the mailing list! Practical exercises are planed for the end of the semester Depending on how COVID-19 continues, exercises are in person or we use some video-conferencing tool 3 / 32 Goals 1 Provide deeper understanding of OS mechanisms 2 Look at the implementation details of microkernels 3 Make you become enthusiastic microkernel hackers 4 Propaganda for OS research done at TU Dresden and Barkhausen Institut 4 / 32 Outline Organization Monolithic vs. Microkernel Kernel design comparison Examples for microkernel-based systems Vision vs. Reality Challenges Overview About L4/NOVA 5 / 32 Monolithic Kernel System Design u s Application Application Application e r k Kernel e r File Network n e Systems Stacks l m Memory Process o Drivers Management Management d e Hardware 6 / 32 Monolithic Kernel OS (Propaganda) System components run in privileged mode No protection between system components Faulty driver can crash the whole system Malicious app could exploit bug in faulty driver More than 2=3 of today's OS code are drivers No need for good system design Direct access to data structures Undocumented
  • Virtualization Technologies Overview Course: CS 490 by Mendel

    Virtualization Technologies Overview Course: CS 490 by Mendel

    Virtualization technologies overview Course: CS 490 by Mendel Rosenblum Name Can boot USB GUI Live 3D Snaps Live an OS on mem acceleration hot of migration another ory runnin disk alloc g partition ation system as guest Bochs partially partially Yes No Container s Cooperati Yes[1] Yes No No ve Linux (supporte d through X11 over networkin g) Denali DOSBox Partial (the Yes No No host OS can provide DOSBox services with USB devices) DOSEMU No No No FreeVPS GXemul No No Hercules Hyper-V iCore Yes Yes No Yes No Virtual Accounts Imperas Yes Yes Yes Yes OVP (Eclipse) Tools Integrity Yes No Yes Yes No Yes (HP-UX Virtual (Integrity guests only, Machines Virtual Linux and Machine Windows 2K3 Manager in near future) (add-on) Jail No Yes partially Yes No No No KVM Yes [3] Yes Yes [4] Yes Supported Yes [5] with VMGL [6] Linux- VServer LynxSec ure Mac-on- Yes Yes No No Linux Mac-on- No No Mac OpenVZ Yes Yes Yes Yes No Yes (using Xvnc and/or XDMCP) Oracle Yes Yes Yes Yes Yes VM (manage d by Oracle VM Manager) OVPsim Yes Yes Yes Yes (Eclipse) Padded Yes Yes Yes Cell for x86 (Green Hills Software) Padded Yes Yes Yes No Cell for PowerPC (Green Hills Software) Parallels Yes, if Boot Yes Yes Yes DirectX 9 Desktop Camp is and for Mac installed OpenGL 2.0 Parallels No Yes Yes No partially Workstati on PearPC POWER Yes Yes No Yes No Yes (on Hypervis POWER 6- or (PHYP) based systems, requires PowerVM Enterprise Licensing) QEMU Yes Yes Yes [4] Some code Yes done [7]; Also supported with VMGL [6] QEMU w/ Yes Yes Yes Some code Yes kqemu done [7]; Also module supported
  • Computer Architectures an Overview

    Computer Architectures an Overview

    Computer Architectures An Overview PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sat, 25 Feb 2012 22:35:32 UTC Contents Articles Microarchitecture 1 x86 7 PowerPC 23 IBM POWER 33 MIPS architecture 39 SPARC 57 ARM architecture 65 DEC Alpha 80 AlphaStation 92 AlphaServer 95 Very long instruction word 103 Instruction-level parallelism 107 Explicitly parallel instruction computing 108 References Article Sources and Contributors 111 Image Sources, Licenses and Contributors 113 Article Licenses License 114 Microarchitecture 1 Microarchitecture In computer engineering, microarchitecture (sometimes abbreviated to µarch or uarch), also called computer organization, is the way a given instruction set architecture (ISA) is implemented on a processor. A given ISA may be implemented with different microarchitectures.[1] Implementations might vary due to different goals of a given design or due to shifts in technology.[2] Computer architecture is the combination of microarchitecture and instruction set design. Relation to instruction set architecture The ISA is roughly the same as the programming model of a processor as seen by an assembly language programmer or compiler writer. The ISA includes the execution model, processor registers, address and data formats among other things. The Intel Core microarchitecture microarchitecture includes the constituent parts of the processor and how these interconnect and interoperate to implement the ISA. The microarchitecture of a machine is usually represented as (more or less detailed) diagrams that describe the interconnections of the various microarchitectural elements of the machine, which may be everything from single gates and registers, to complete arithmetic logic units (ALU)s and even larger elements.
  • BCIS 1305 Business Computer Applications

    BCIS 1305 Business Computer Applications

    BCIS 1305 Business Computer Applications BCIS 1305 Business Computer Applications San Jacinto College This course was developed from generally available open educational resources (OER) in use at multiple institutions, drawing mostly from a primary work curated by the Extended Learning Institute (ELI) at Northern Virginia Community College (NOVA), but also including additional open works from various sources as noted in attributions on each page of materials. Cover Image: “Keyboard” by John Ward from https://flic.kr/p/tFuRZ licensed under a Creative Commons Attribution License. BCIS 1305 Business Computer Applications by Extended Learning Institute (ELI) at NOVA is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted. CONTENTS Module 1: Introduction to Computers ..........................................................................................1 • Reading: File systems ....................................................................................................................................... 1 • Reading: Basic Computer Skills ........................................................................................................................ 1 • Reading: Computer Concepts ........................................................................................................................... 1 • Tutorials: Computer Basics................................................................................................................................ 1 Module 2: Computer
  • The Flask Security Architecture: System Support for Diverse Security Policies

    The Flask Security Architecture: System Support for Diverse Security Policies

    The Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure Computing Corporation Stephen Smalley, Peter Loscocco National Security Agency Mike Hibler, David Andersen, Jay Lepreau University of Utah http://www.cs.utah.edu/flux/flask/ Abstract and even many types of policies [1, 43, 48]. To be gen­ erally acceptable, any computer security solution must Operating systems must be flexible in their support be flexible enough to support this wide range of security for security policies, providing sufficient mechanisms for policies. Even in the distributed environments of today, supporting the wide variety of real-world security poli­ this policy flexibility must be supported by the security cies. Such flexibility requires controlling the propaga­ mechanisms of the operating system [32]. tion of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted ac­ Supporting policy flexibility in the operating system is cess rights. Previous systems are lacking in at least one a hard problem that goes beyond just supporting multi­ of these areas. In this paper we present an operating ple policies. The system must be capable of supporting system security architecture that solves these problems. fine-grained access controls on low-level objects used to Control over propagation is provided by ensuring that perform higher-level functions controlled by the secu­ the security policy is consulted for every security deci­ rity policy. Additionally, the system must ensure that sion. This control is achieved without significant perfor­ the propagation of access rights is in accordance with mance degradation through the use of a security decision the security policy.
  • Harvard Cs252r Fa'13

    Harvard Cs252r Fa'13

    Type Enforcement & Pluggable MAC Harvard CS252r Fa’13 Tuesday, October 22, 13 1 Practical Domain and Type Enforcement for UNIX • Badger, et al. 1995 • Trusted Information Systems Tuesday, October 22, 13 2 Domain and Type Enforcement • Every Subject is associated with a Domain • Every Object is associated with a Type Tuesday, October 22, 13 3 Boebart and Kain ’85 [7], page 23 introduces this a given user could have multiple subjects operating in diferent domains dynamically, it seems a subject and an object are associated with just one, statically: could be anything Domain and Type Enforcement • Domain Definition Table • Domain’s Access Rights to each Type • read, write, etc. • Domain Interaction Table • Domain’s Access Rights to other Domains • signal, create, destroy, etc. Tuesday, October 22, 13 4 Domain and Type Enforcement • Strict Superset of Lattice-Expressible Security Policies Tuesday, October 22, 13 5 Domain and Type Enforcement Manager budget designs Accountant Engineer salary Tuesday, October 22, 13 6 DTEL Domain and Type Enforcement Language • Encompasses Existing Security Policies • Hierarchical Types • Simple, Declarative Language Tuesday, October 22, 13 7 DTEL Operating System Entities File Hierarchy Process Hierarchy Figure 1: Mismatch Between Policy Concepts and System Structures trol configurations. A DTE specification includes ration: the type statement, the domain statement, the security attribute associations such as typelfile tnitial-domain statement, and the assign statement.’ associations as well as other access control in- The purpose of this section is not to fully document Tuesday,formation. October 22, 13 The language provides a high-level DTEL, but to demonstrate through a small example 8 view of information traditionally enurnerated in that a meaningful DTEL policy can be expressed com- type enforcement tables and includes facilities pletely in a form simple and concise enough to be ad- for superimposing security attribute bindings and ministered at reasonable cost.
  • Capability Myths Demolished

    Capability Myths Demolished

    Capability Myths Demolished Mark S. Miller Ka-Ping Yee Jonathan Shapiro Combex, Inc. University of California, Berkeley Johns Hopkins University [email protected] [email protected] [email protected] ABSTRACT The second and third myths state false limitations on We address three common misconceptions about what capability systems can do, and have been capability-based systems: the Equivalence Myth (access propagated by a series of research publications over the control list systems and capability systems are formally past 20 years (including [2, 3, 7, 24]). They have been equivalent), the Confinement Myth (capability systems cited as reasons to avoid adopting capability models cannot enforce confinement), and the Irrevocability and have even motivated some researchers to augment Myth (capability-based access cannot be revoked). The capability systems with extra access checks [7, 13] in Equivalence Myth obscures the benefits of capabilities attempts to fix problems that do not exist. The myths as compared to access control lists, while the Confine- about what capability systems cannot do continue to ment Myth and the Irrevocability Myth lead people to spread, despite formal results [22] and practical see problems with capabilities that do not actually exist. systems [1, 9, 18, 21] demonstrating that they can do these supposedly impossible things. The prevalence of these myths is due to differing inter- pretations of the capability security model. To clear up We believe these severe misunderstandings are rooted the confusion, we examine three different models that in the fact that the term capability has come to be have been used to describe capabilities, and define a set portrayed in terms of several very different security of seven security properties that capture the distinctions models.