Syracuse University
Capability Lab
Overview
The learning objective of this lab is for students to apply the capability concept to enhance system security. In Unix, there are a number of privileged programs (e.g., Set-UID programs); when these programs are run, even by normal users, they run as root (i.e., system administrator); namely the running programs possess all the privileges that the root has, despite of the fact that not all of these privileges are actually needed for the intended tasks. This design clearly violates an essential security engineering principle, the principle of least privilege. As a consequence of the violation, if there are vulnerabilities in these programs, attackers might be able to exploit the vulnerabilities and abuse the root's privileges.The capability principle have been used to replace the Set-UID mechanism. In Trusted Solaris 8, root's privileges are divided into 80 smaller capabilities. Each privileged program only carries the capabilities that are necessary. A similar capability system is also developed in Linux. In this lab, we will implement a simplified capability system for Minix.
Lab Description and Tasks (pdf)
-
For instructors: if you prefer to modify the lab description
to suit your own courses, you can download the source files (Latex)
from here.
Time for This Lab: 5 weeks
Survey
The following survey is designed to help us understand how effectively this lab has enhanced students' learning in computer security. The survey is anonymous, and is usually conducted after students finish the lab.- Survey Questionnaires
- Survey Results: Spring'06
Helpful Documents
- How to add a new system call in Minix
- How is a system call invoked in Minix
- Three process tables in Minix
- How to manipulate the Inode data structure