My undergraduate thesis on a capability based security system for a data-centric operating system.
#import "template.typ": *

#mol-chapter("Conclusion")

//So, this is more a summary. Which is good to have here, but
// you'll want to have some conclusions -- e.g. What did you learn (e.g. about the
// cost of the operations)
In short, we provide a general overview of the critical security
components of the security system in Twizzler, along with
implementation details and design decisions. The evaluation programs show how
security policy can be expressed and verify that the kernel enforces it as
programmed. Lastly, we go over microbenchmarks to show and explain the cost of these operations.

The results affirm our intuition that performance would be greatly improved via
caching. Verifying a signature every time a new page from an object
has to be mapped into a process's memory space would be redundant. Additionally,
the performance of the kernel verifying signatures is bottlenecked by the
performance of the cryptographic scheme, meaning it's a good plan to allow for
the addition of new schemes while maintaining backwards compatibility, since
adopting a more performant scheme would lead to pure performance gains.

== Future Work

// Maybe go into more detail here. There's a number of things that are discussed
// as future work throughout that could use a couple sentences each here.

There are a number of things I hope to achieve in future work, listed as follows.

- Perform a cost-benefit analysis between key sizes and performance, trying
  to optimize for a future-proof key size in order to maximize backwards
  compatibility.

- Program the kernel to perform access rights checks with a process's security
  context during a page fault. I was hoping to get this completed before the end of this
  quarter, but we ran into some bugs and were unable to resolve them in time.
  Once this is hooked up, we plan to design scenarios that test the degrees of
  expressivity allowed by our security model to ensure it operates as expected.

- Investigate areas of the security model that could be extended to support
  Decentralized Information Flow Control, inspired by the work done in FLUME @flume.

- Create an onboarding process that allows new students to learn the essentials
  of the Twizzler operating system, to foster an environment for increased
  student contributions to the project.

- Write clear code documentation so that users wanting to interface with the library
  have an easier time integrating it with their applications.


== Acknowledgements
I couldn't have done the work for this thesis and for Twizzler if it wasn't for the
support I've received from my advisor Owen Arden and my technical mentor Daniel Bittman! I
owe both of you so much, not just for this thesis but also for how much I've learned in
this endeavor. Thanks guys!



#load-bib(read("../refs.bib"))