My undergraduate thesis on a capability based security system for a data-centric operating system.
1#import "./template.typ": *
2
3#show: mol-thesis
4
5#mol-titlepage(
6 // title: "Design, Implementation, and Verification of a Security System for Data-Centric Operating Systems",
7 title: "Twizzler-Security\nA Capability-Based Security System for Twizzler",
8 // title: "Gurt",
9 author: "Surendra Jammishetti",
10 birth-date: "April 1st, 1980",
11 birth-place: "Alice Springs, Australia",
12 defence-date: "August 28, 2005",
13 /* Only one supervisor? The singleton array ("Dr Jack Smith",) needs the
14 trailing comma. */
15 supervisors: ("Owen B. Arden",),
16 committee: (
17 "Dr. Peter Alvaro",
18 "Dr. Andi Quinn",
19 ),
20 degree: "Computer Engineering B.S.",
21)
22
23// DANIEL feedback
24// overall great start, I'd extend the intro a little bit, its a litte sparse
25// and could use a few more things, same thing with future work and conclusion.
26//
27// run a spell check
28//
29// more feedback throughout, feel free to take or ignore
30
31#mol-abstract[
32 Traditional operating systems permit data access through the kernel, applying
33 security policy as a part of that pipeline. The Twizzler operating system flips
34 that relationship on its head, focusing on an approach where data access is a
35 first-class citizen, getting rid of the kernel as a middleman. This
36 data-centric approach requires us to rethink how security policy interacts with
37 users and the kernel. In this thesis, I present the design and implementation of
38 core security primitives in Twizzler. Then I evaluate the security model with
39 micro benchmarks of core security operations, and ways to increase performance.
40 Lastly, I discuss a few things we plan to do in the continuation of this work, as
41 its not complete by any means.
42]
43
44
45
46
47
48
49
50// we haveee the introduction, talking about how things are normally done in unix
51// - a critique of why this doesnt work inside of a data-centric operating system, such as twizzler
52//
53// a solution and design spec of what solves the problems from earlier
54//
55// benchmarking and analysis
56//
57// conclusion
58
59#outline()
60#include "1-introduction.typ"
61#include "2-keypair.typ"
62#include "3-cap.typ"
63#include "4-secctx.typ"
64#include "5-results.typ"
65#include "6-conclusion.typ"
66#pagebreak()
67
68#load-bib(read("../refs.bib"), main: true)