Department of Electrical Engineering and Computer Science
Syracuse University

Linux Capability Exploration Lab

Lab Overview

The learning objective of this lab is for students to gain first-hand experiences on capability, to appreciate the advantage of capabilities in access control, and to master how to use capability in to achieve the principle of least privileges. In addition, through this lab, by dissecting the capability mechanism in Linux, students will gain insights on how capability is implemented in operating systems. This lab is based on POSIX 1.e capability, which is implemented in recent versions of Linux kernel.

Lab Description and Tasks (PDF)

    For instructors: if you prefer to modify the lab description to suit your own courses, you can download the source files (Latex) from here.

    VM Version: This lab description was originally developed for Ubuntu 9.11, but we have revised it for Ubuntu 11.04. You can still use our Ubuntu 9.11 VM image (accept some minor inconsistency), but it is better that you use our newer VM image (Ubuntu 11.04).

Recommended Time: 2 weeks

Files that are Needed

Helpful Documents

Student Feedbacks

To help us understand how effectively this lab has enhanced students' learning in computer security, we asked students to fill out an anonymous survey right after they finish the lab. We started to conduct the survey since 2007. The survey results depicted in the following are aggregate results over several years.
  • Survey Questionnaires (doc, pdf)
  • Survey Results (not available)