Syracuse University
Combined Capability and RBAC Lab
Overview
The learning objective of this lab is two-fold. First, this lab provides students with an opportunity to integrate two access control principles, capability and the Role-Based Access Control (RBAC), to enhance system security. Second, this lab allows students to apply their critical thinking skills to analyze their design of the system to ensure that the system is secure.In this lab, students will implement a simplified capability-based RBAC system for Minix. The simplification on RBAC is based on the RBAC standard proposed by NIST. This lab is quite comprehensive. Students should expect to spend 4 to 6 weeks on this lab. Students should have a reasonable background in operating systems, because kernel programming and debugging are required.
Lab Description and Tasks (pdf)
-
For instructors: if you prefer to modify the lab description
to suit your own courses, you can download the source files (Latex)
from here.
Helpful Documents
- Proposed NIST Standard for Role-Based Access Control.
- How to add a new system call in Minix 3
- How is a system call invoked in Minix 3
- How to manipulate the Inode data structure in Minix 3
- Three process tables in Minix 2 (needs to be updated for Minix 3)
Student Feedbacks
To help us understand how effectively this lab has enhanced students' learning in computer security, we asked students to fill out an anonymous survey right after they finish the lab. We started to conduct the survey since 2007. The survey results depicted in the following are aggregate results over several years.- Survey Questionnaires (doc, pdf)
- Survey Results
Updated on 1/15/2008