Overview

The learning objective of this lab is for students to apply the capability concept to enhance system security. In Unix, there are a number of privileged programs (e.g., Set-UID programs); when these programs are run, even by normal users, they run as root (i.e., the system administrator). That is, the running programs possess all the privileges that root has, despite the fact that not all of these privileges are actually needed for the intended tasks. This design clearly violates an essential security engineering principle, the principle of least privilege. As a consequence of the violation, if there are vulnerabilities in these programs, attackers might be able to exploit them and abuse root's privileges.
The capability principle has been used to replace the Set-UID mechanism. In Trusted Solaris 8, root's privileges are divided into 80 smaller capabilities, and each privileged program carries only the capabilities that it needs. A similar capability system has been developed in Linux. In this lab, we will implement a simplified capability system for Minix.
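To make the least-privilege point concrete on the Linux side of this comparison, here is an added example (not part of the lab or its Minix code) that decodes the capability masks Linux exposes in /proc/&lt;pid&gt;/status and reports which capabilities a privileged program holds beyond the ones its task requires. The bit numbers come from linux/capability.h; the status text, the program name privd and its "required" set are constructed for illustration.

```python
"""Decode Linux capability masks and audit a privileged process for least privilege.

Added example: the capability bit numbers are those defined in <linux/capability.h>;
the sample /proc status block below is constructed, not captured from a real system.
"""
import os

# Capability names indexed by bit number (Linux 5.9 defines bits 0..40).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]
CAP_BITS = {name: bit for bit, name in enumerate(CAP_NAMES)}

# Constructed sample: what a Set-UID-root style daemon looks like in /proc/<pid>/status.
# Every capability is in the permitted and effective sets, as for any uid-0 process.
SAMPLE_STATUS = """\
Name:\tprivd
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

# Hypothetical task profile: the daemon only needs to bind a port below 1024.
REQUIRED_FOR_PRIVD = ["CAP_NET_BIND_SERVICE"]


def decode_cap_mask(hex_mask: str) -> list:
    """Turn a hex mask such as '0000000000000400' into capability names."""
    mask = int(hex_mask, 16)
    names = []
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            # Bits above the known table are reported numerically rather than dropped.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit)
    return names


def mask_for(names) -> str:
    """Inverse of decode_cap_mask: build the 16-hex-digit mask for a set of names."""
    mask = 0
    for name in names:
        mask |= 1 << CAP_BITS[name]
    return "%016x" % mask


def parse_proc_status(text: str) -> dict:
    """Extract the CapInh/CapPrm/CapEff/CapBnd/CapAmb lines from a status file."""
    caps = {}
    for line in text.splitlines():
        if line.startswith("Cap") and ":" in line:
            key, value = line.split(":", 1)
            caps[key.strip()] = decode_cap_mask(value.strip())
    return caps


def excess_capabilities(effective, required) -> list:
    """Capabilities held in the effective set that the task does not need."""
    return sorted(set(effective) - set(required))


def audit(status_text: str, required) -> list:
    """Least-privilege check: return the capabilities a process holds but does not need."""
    caps = parse_proc_status(status_text)
    return excess_capabilities(caps.get("CapEff", []), required)


if __name__ == "__main__":
    # Audit the constructed daemon, then the current process if /proc is available.
    print("privd holds %d unneeded capabilities" % len(audit(SAMPLE_STATUS, REQUIRED_FOR_PRIVD)))
    if os.path.exists("/proc/self/status"):
        with open("/proc/self/status") as f:
            print("this process CapEff:", parse_proc_status(f.read()).get("CapEff"))
```

The gap the audit reports for privd (40 of 41 capabilities unused) is exactly the excess the Set-UID model grants and a capability model withholds; a capability-aware program would keep its effective set equal to the required set, and the same function then returns an empty list.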
Lab Description and Tasks (pdf)
Time for This Lab: 5 weeks
Survey

The following survey is designed to help us understand how effectively this lab has enhanced students' learning in computer security. The survey is anonymous, and is usually conducted after students finish the lab.