My undergraduate thesis on a capability-based security system for a data-centric operating system.


I'm almost released

+16 -16
1-introduction.typ
··· 19 19 resource. This tight coupling of security policy and access mechanisms works 20 20 well since any access must be done through the kernel, so why not perform 21 21 security checks alongside accesses? This coupling gets challenged as soon as one 22 - tries to decouple access mechanisms from the kernel, as we see in Twizzler. 22 + tries to seperate access mechanisms from the kernel, as we see in Twizzler. 23 23 24 24 == Data-Centric Operating Systems 25 25 ··· 32 32 33 33 // I would add a paragraph motivating the data-centric approach 34 34 // like why would i want the kernel out of the way? 35 - These principiles emerge from treating persistent data as a first class citizen. 35 + These principles emerge from treating persistent data as a first class citizen. 36 36 Since NVM removes the necessity of the kernel to serialize and deserialize 37 37 data from storage devices and memory, it only makes sense for it to be removed 38 38 from the access path. If applications want to utilize memory as truly ··· 41 41 42 42 // this talks about why this kind of access rights is a secuirty issue. 43 43 With the decoupling of the kernel and access methods, we have to rethink 44 - how security policy for objects is enforced. While the kernel doesn't manage 44 + how security policy for data is enforced. While the kernel doesn't manage 45 45 the connection between applications and data, its still responsible for 46 46 creating that connection. This provides one area of enforcement, where 47 47 the kernel can check access rights before granting the application access 48 - to the object, and then stay out of the way after. Twizzler programs 49 - the MMU, per thread, to grant access rights, allowing for a point of enforcement; more 50 - detail can be found in section 4.2. Now we have to build the underlying system that 51 - must be enforced. 48 + to data. 
Twizzler programs the MMU ( Memory Management Unit ) according to 49 + granted access rights and then lets the hardware enforce it; more detail can be 50 + found in section 4.2. Now we have to define the underlying system that must be 51 + enforced. 52 52 53 53 54 54 == Capability Based Security Systems 55 55 Capability-based security systems have a rich history in research, and offer an 56 56 alternative approach to security, in opposition to the Access Control Lists of 57 57 prevalent OS's @linux_security. Boiled down, a capability is a token of 58 - authority, holding at minimum some permissions and a unique identifier to which 58 + authority, holding at minimum some permissions and a unique identifier for which 59 59 "thing" those permissions apply to @cap-book. There are some 60 60 additions we make to this basic defenition in order to apply capabilities in Twizzler, 61 61 most notablity the addition of a cryptograhic signature. Since capabilities ··· 70 70 security by enforcing it right before the point of access through the MMU. 71 71 72 72 == Our Contributions 73 - In this thesis, I detail the fundamentals of security in the Twizzler 74 - operating system, and discuss how I implement and refine some of the high 75 - level ideas described in Twizzler @twizzler and an early draft of a Twizzler security 76 - paper @twizsec. Additionally, we evaluate these systems inside kernel and user space, using 77 - Alice/Bob scenarios and microbenchmarks. 73 + In this thesis, I detail the fundamentals of security in the Twizzler operating 74 + system, and discuss how I implement and refine some of the high level ideas 75 + described in Twizzler @twizzler and an early draft of a Twizzler security paper 76 + @twizsec. Additionally, we evaluate these systems inside kernel and user space 77 + through microbenchmarks. 
78 78 79 79 A list of merged PR's to Twizzler: 80 80 + #link("https://github.com/twizzler-operating-system/twizzler/pull/267")[Old Security Port to Main] ··· 82 82 - Implementation of Capabilities mentioned in section 3. 83 83 - Support to compile twizzler-security for the kernel and userspace 84 84 85 - + #link("https://github.com/twizzler-operating-system/twizzler/pull/273")[Adds creation of SigningKey / Verifying object pairs.] 85 + + #link("https://github.com/twizzler-operating-system/twizzler/pull/273")[Adds creation of SigningKey / VerifyingKey object pairs.] 86 86 - Implementation of the keypair objects containing singing and verifying keys, mentioned in section 2. 87 87 - Userspace tests for keypair creation and usage of signing / verifying keys. 88 88 89 89 + #link("https://github.com/twizzler-operating-system/twizzler/pull/275")[Security Contexts and Benchmarking] 90 90 - Implements Security Contexts for kernel and userspace, as described in section 4. 91 91 - A benchmarking framework for the kernel. 92 - - Benchmarks for cryptographic operations inside the kernel, and can be viewed in seciton 5. 93 - - Userspace benchmarks of security policy creation, as shown in section 5. 92 + - Benchmarks for cryptographic operations inside the kernel, shown in seciton 5. 93 + - Userspace benchmarks of security policy creation, shown in section 5. 94 94 95 95 More details can be found in this 96 96 #link("https://github.com/twizzler-operating-system/twizzler/issues/268")[Github
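Review bot: line 22 swaps the correctly spelled "decouple" for the misspelled "seperate"; the unchanged context at line 43 already says "With the decoupling of the kernel and access methods", so keeping "decouple" is both the spelling fix and the consistent term. Two smaller points in the same file: the rewritten bullet at line 92 still reads "shown in seciton 5" while its sibling at line 93 spells "section" correctly, and line 58's "a unique identifier for which "thing" those permissions apply to" doubles the preposition; "a unique identifier for the "thing" those permissions apply to" reads cleanly. The rewrite at lines 48-50 also drops the "per thread" qualifier from the old "Twizzler programs the MMU, per thread, to grant access rights"; if the MMU really is programmed per thread, that granularity is exactly the enforcement point section 4.2 is cited for and belongs in the new sentence. The untouched context at lines 42, 60, 61 and 86 still carries "secuirty", "defenition", "notablity", "cryptograhic" and "singing", which one spell-check pass over the file would catch.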
thesis.pdf

This is a binary file and will not be displayed.

+14 -10
thesis.typ
··· 31 31 // more feedback throughout, feel free to take or ignore 32 32 33 33 #mol-abstract[ 34 - Traditional operating systems permit data access through the kernel, applying 35 - security policy as a part of that pipeline. The Twizzler operating system 36 - flips that relationship on its head, focusing on an approach where data 37 - access is a first-class citizen, getting rid of the kernel as a middleman. 38 - This data-centric approach requires us to rethink how security policy 39 - interacts with users and the kernel. In this thesis, I present the design and 40 - implementation of core security primitives in Twizzler. Then I evaluate the 41 - security model with a basic and advanced scenario, as well as microbenchmarks 42 - of core security operations. Lastly, I discuss future work built off this 43 - thesis, such as the incorporation of Decentralized Information Flow Control.] 34 + Traditional operating systems permit data access through the kernel, applying 35 + security policy as a part of that pipeline. The Twizzler operating system flips 36 + that relationship on its head, focusing on an approach where data access is a 37 + first-class citizen, getting rid of the kernel as a middleman. This 38 + data-centric approach requires us to rethink how security policy interacts with 39 + users and the kernel. In this thesis, I present the design and implementation of 40 + core security primitives in Twizzler. Then I evaluate the security model with 41 + microbenchmarks of core security operations, and ways to increase performace. 42 + Lastly, I discuss a few things we plan to do in the continuation of this work, as 43 + its not conplete by any means. 44 + // Lastly, I discuss future work built 45 + // off this thesis, such as the incorporation of Decentralized Information Flow 46 + // Control. 47 + ] 44 48 45 49 46 50
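Review bot: the new abstract text introduces two typos, "performace" at line 41 and "conplete" at line 43, and the closing sentence "Lastly, I discuss a few things we plan to do in the continuation of this work, as its not conplete by any means." is too informal for an abstract and needs "it's" rather than "its"; "Lastly, I discuss planned extensions of this work, which is not yet complete." keeps the meaning. Line 41's "and ways to increase performace" should say what kind of optimization is evaluated rather than leave it to the reader. The change also leaves the old future-work sentence commented out at lines 44-46 inside #mol-abstract[...]; either delete the comment or restore the Decentralized Information Flow Control mention, since dead text inside the abstract block will confuse the next editor. Dropping "a basic and advanced scenario" here matches the same edit at 1-introduction.typ lines 76-77, so the abstract and introduction remain consistent about what is evaluated.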