[cap-talk] First beta MattockFS
2 views
Skip to first unread message
rmeijer
Jan 19, 2016, 10:52:12 AM1/19/16
to General discussions concerning capability systems.
I think some of you may find this system interesting from an access
control and accountability point of view. I just marked MattockFS as
beta after my test code coverage reached 90%. MattockFS is a combination
of a forensic data repository and a domain specific message bus for
computer forensics data processing.
https://github.com/pibara/MattockFS
The thing some of you will probably object to is that MattockFS
basically implements a read only variant of what in a programming
language would be called pointer arithmetic. It combines this with
privilege separated provenance logging and a sparse-cap interface for
the message bus part and for initializing data (data is frozen after
creation and is than made part of the flat globally accessible read-only
image data address space).
Created this system as part of a research-project for a part-time study
I'm currently doing. The main research topic was about page-cache miss
avoidance in computer forensics frameworks, but being a capabilities nut
I couldn't resist adding an access control and capabilities part to the
project ;-) A thing that kinda messed up my time table resulting in me
spending much more hours on the project than planned.
If anyone has any comments regarding the access control and privsep part
of things, I'm very much open to any feedback in that regard. The main
subject of my paper remains the page-cache part that is probably of less
interest to you guys. Bug reports are also very welcome if you run in to
any bugs ;-)
Regards,
Rob
_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
control and accountability point of view. I just marked MattockFS as
beta after my test code coverage reached 90%. MattockFS is a combination
of a forensic data repository and a domain specific message bus for
computer forensics data processing.
https://github.com/pibara/MattockFS
The thing some of you will probably object to is that MattockFS
basically implements a read only variant of what in a programming
language would be called pointer arithmetic. It combines this with
privilege separated provenance logging and a sparse-cap interface for
the message bus part and for initializing data (data is frozen after
creation and is than made part of the flat globally accessible read-only
image data address space).
Created this system as part of a research-project for a part-time study
I'm currently doing. The main research topic was about page-cache miss
avoidance in computer forensics frameworks, but being a capabilities nut
I couldn't resist adding an access control and capabilities part to the
project ;-) A thing that kinda messed up my time table resulting in me
spending much more hours on the project than planned.
If anyone has any comments regarding the access control and privsep part
of things, I'm very much open to any feedback in that regard. The main
subject of my paper remains the page-cache part that is probably of less
interest to you guys. Bug reports are also very welcome if you run in to
any bugs ;-)
Regards,
Rob
_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
Reply all
Reply to author
Forward
0 new messages