Date: Thu, 17 Oct 1996 21:15:41 CDT From: Kent Vander Velden <graphix@iastate.edu> To: hackers@freebsd.org Subject: new filesystem Message-ID: <9610180215.AA12203@spiff.cc.iastate.edu>
next in thread | raw e-mail | index | archive | help
For a computer security class project I would like to implement the BPL security model in a filesystem and am looking for a hint as to where to begin. The BPL model uses classifications, compartments and a few simple rules to determine if a user can access the files. Users and files have classifications placed on them as well as belonging in compartments. At the moment I am thinking that for the project that I could get by with an extra 64 bits of information per file. Perhaps 10 bits for classification and the remainder for compartment. My feeling as to how to proceed to implement the filesystem is to copy the ufs filesystem code and give it a new identity. The extra code to handle the model slowly worked in. There would appear to be an extra 64 bits of spare space at the end of the dinode structure where I planned to store the classifications and compartment information. "The Design and Implementation of the 4.4 BSD OS" talks about using the nullfs as a starting place for a new filesystem or a layer but I am not completely certain that this is the best choice in this case. Perhaps the extra information could be handled at the vnode level instead of the inode level... I am curious what others more experienced feel would be the best way to do this. I would like to minimize the impact that my changes have on the actual kernel of course. Thanks. --- Kent Vander Velden graphix@iastate.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9610180215.AA12203>