Syracuse University
Combined Capability and RBAC Lab
Overview
The learning objective of this lab is two-fold. First, this lab provides students with an opportunity to integrate two access control principles, capability and the Role-Based Access Control (RBAC), to enhance system security. Second, this lab allows students to apply their critical thinking skills to analyze their design of the system to ensure that the system is secure.In this lab, students will implement a simplified capability-based RBAC system for Minix. The simplification on RBAC is based on the RBAC standard proposed by NIST. This lab is quite comprehensive. Students should expect to spend 4 to 6 weeks on this lab. Students should have a reasonable background in operating systems, because kernel programming and debugging are required.
Lab Description and Tasks (pdf)
-
For instructors: if you prefer to modify the lab description
to suit your own courses, you can download the source files (Latex)
from here.
Lab Sessions and Milestones
To help you on this challenging project, we will hold a few lab sessions. After each lab session, a milestone has to be reached. Each week, we will ask some groups to demonstrate their work. If a group fails to reach a milestone, the group will lose 5% of its grade for each missed milestone (up to 20% in total).- March 21: Design Session I.
- March 28: Design Session II (design document is due on March 31, 30% of your grade will be deducted if you fail to submit this report).
- April 4: Implementation Session I.
- April 11: Implementation Session II.
- April 18: Implementation Session III.
- April 25: Demo Session (prepare for the final demonstration)
- April 29 (Tuesday): Final Demonstration.
Helpful Documents
- Proposed NIST Standard for Role-Based Access Control.
- How to add a new system call in Minix 3
- How is a system call invoked in Minix 3
- How to manipulate the Inode data structure in Minix 3
- Three process tables in Minix 2 (needs to be updated for Minix 3)
Updated on 1/15/2008