Date of Defense
Date of Graduation
Access control is a prerequisite for security in computing systems. Unix permission bits are insufficient for many applications. Advanced access control models, including Multi Level Security (MLS), Role Based Access Control (RBAC), and Domain Type Enforcement (DTE) offer added security. Being able to understand and implement these models both as a software developer and a user of software is important, and this is the topic of university courses. A linux filesystem implementing RBAC was developed as a teaching aid for courses in secure software design. The filesystem is implemented in C using the Filesystem in Userspace (FUSE) kernel module. This filesystem will help students to better understand, implement, and use RBAC, and will encourage the use of these advanced access control models.
The software was implemented in three primary modules, designed to separate the concerns of parsing, policy lookup, and implementing fuse functionality. These modules are compiled separately as static libraries, and are tested individually by per-module unit tests. These libraries are linked into a single rbacfs binary which implements command line parsing. This modular design will aid in using this tool as a
teaching aid, as it allows students to make and test local changes in one module without considering the remaining modules. Integration tests, which are performed on the resulting linked binary, also act to improve student confidence about the changes they make by confirming changes to one module do not affect any other module.
To demonstrate the effectiveness of this software in a classroom setting, we also developed an example assignment for a secure software design course using the software. To facilitate completion of the assignment, we developed user and maintenance documentation, which describes the use and modification of the software, respectively.
The code is maintained in a Git revision control repository, and contains all supporting materials as well as the source code tree itself.
Linder, Scott, "Role-Based Access Control Filesystem" (2016). Honors Theses. 2768.
Honors Thesis-Open Access
user_manual.pdf (57 kB)
presentation.pdf (610 kB)
example.mp4 (18337 kB)