Skip to content

o1oo11oo/thesis-code

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

187 Commits
abac_lsm_2022
abac_lsm_2022
 
 
configs
configs
 
 
linux @ da77af3
linux @ da77af3
 
 
perf
perf
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Code and Artifacts for: Enforcing Flexible Access Control Policies in a Rust-based Linux Security Module

This repository contains the code for the master's thesis Enforcing Flexible Access Control Policies in a Rust-based Linux Security Module, available under https://doi.org/10.22032/dbt.66733. The artifacts are published on Zenodo under https://doi.org/10.5281/zenodo.17765425, while the code is also available on GitHub under https://github.com/o1oo11oo/thesis-code.

The GitHub repository contains only the code and smaller artifacts, large files or directories are excluded there. This concerns the compiled kernels that are used for the evaluation and the gathered results.

Code Structure

  • abac_lsm_2022: ABAC LSM source code and generated policies, originally https://github.com/saivarshith2000/abac_lsm_2022
  • configs: Linux kernel configs used to compile kernels for evaluation
  • kernels (artifacts only): compiled kernels that were used for the evaluation, with very limited module support and as RPMs because the evaluation uses Fedora
  • linux: Linux kernel source tree with Rust DABAC LSM and ported ABAC LSM
  • perf: Performance evaluation framework, including:
    • perf/configs: Configs (policies) to load into the LSM during evaluation
    • perf/eval: Python code for results analysis
    • perf/generator: LSM config/policy generator
    • perf/orchestrator: Test orchestrator that runs all tests that have not been run yet, manages the test runners, collects results and boots into the next needed kernel config
    • perf/results_* (artifacts only): Gathered results for a specific kernel config
    • perf/runner: Test runner that executes file operations
  • scripts: Helper scripts to set kernel config and generate GRUB boot entries

Branches

The Linux kernel repository (available at https://github.com/o1oo11oo/linux) has multiple branches, some of which contain in-progress versions or external code that was added. The branches are all prefixed with thesis-, in case the repository is reused for other kernel development in the future. Here is an overview over the code on those branches:

  • thesis-abac-lsm: The original ABAC LSM code with some fixes to make it build with more recent compilers, otherwise unchanged.
  • thesis-abac-lsm-ported: The ABAC LSM ported to Linux v6.14.8. Note that this does not contain every single fix or change that was added to the ABAC LSM, as some of them are only part of the thesis-main branch. Those can be found in commits with the abac: prefix.
  • thesis-main: All development for the Rust DABAC LSM, this is used to build the kernels for evaluation.
  • thesis-rcu-upstream: Upstream version of the RCU bindings originally provided by Boqun Feng.
  • thesis-rcu: Local version of the RCU bindings, a rebase of thesis-rcu-upstream to Linux v6.14.8.
  • thesis-rust-lsm-bindings: Initial LSM bindings that were sent to the mailing lists for comments.

For the artifacts, the full Linux kernel source tree is not included. Instead, the individual commits are exported as patches that need to be applied. All commits for a branch are collected in a directory of the same name. The base commits for that are:

  • thesis-abac-lsm: v5.10.96/f255ac9e8776ffe10c6b31a27bb438debca85a81
  • thesis-rcu-upstream: v6.14-rc5/7eb172143d5508b4da468ed59ee857c6e5e01da6
  • thesis-rust-lsm-bindings: v6.15-rc2/8ffd015db85fea3e15a77027fda6c02ced4d2444
  • thesis-main: v6.14.8/78155accfe563a8f72dac383bd1d754b690e92de
  • thesis-abac-lsm-ported/thesis-rcu: are included in thesis-main as the branches are stacked, thesis-rcu is 117711ece41be58b5ee97f4c695f2e64cb6046f9 and thesis-abac-lsm-ported is 75410057b6f063a3dc36f779f00d3932ce27b940.

Getting Started

To clone the repository including the submodules use:

git clone --recurse-submodules <repo-url>

Keep in mind that the submodule is the full linux kernel source tree, so cloning it might take a while! To limit the depth you can instead use:

git clone --recurse-submodules --shallow-submodules <repo-url>

Necessary Dependencies

For Linux kernel development including Rust a Rust toolchain is needed in addition to the normal Linux kernel dependencies: Ubuntu/Fedora, Rust. Since Linux kernel builds with Rust are usually built using LLVM, that (including clang and lld) needs to be installed as well.

License

  • Linux kernel code is licensed under GPL-2.0, see the linux repository for more information.
  • The ABAC LSM is licensed under GPL-2.0, see its repository for more information.
  • The thesis itself is licensed under CC-BY-4.0.
  • All other code is licensed under MIT license, see the LICENSE file.

About

Code for: Enforcing Flexible Access Control Policies in a Rust-based Linux Security Module

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages