COP4600 P1: System Calls Solved

50.00 $ 37.50 $

Category: Tags: , , , ,
Click Category Button to View Your Next Assignment | Homework

You'll get a download link with a: . zip solution files instantly, after Payment

Description

5/5 - (1 vote)

Overview

You will implement a system call in Reptilian along with two static library functions that allow the system call to be invoked from a C API. These custom system calls will get and set a custom process table attribute you will create, called security level.  We will provide a program that exercises and demonstrates the new call. You’ll then create a short video to demonstrate your code. You’ll submit the project via Canvas.

 

NOTE: Take Snapshots in VirtualBox! You will likely brick your machine at some point during this or other projects, and you will not want to start from scratch. No, seriously – take snapshots!

Structure

The project is broken into four main parts:

 

  • Create a custom security level attribute for all processes.
  • Create system calls that allows a process to get or set the security level of a process.
  • Create static library functions that allow the system calls to be invoked via a C API.

 

 

User Program Library System Call

Figure 1: A system call invoked from a user program

 

While exact implementation may vary, the library functions must match the signatures laid out in this document, and the system calls must apply the security model properly.

 

System Call

Each process in the modified system will have a security level. The rules for this system will be based on a write restricted access model, namely:

 

  • All processes should be initialized with a security level of zero (0).
  • A process running as the superuser may read and write the security level of any process.
  • A user process can read the security level of any process.
  • A user process can write the security level of a process at a lower level.
  • A user process may only raise the level of a process to its own level (not above it).
  • A user process can lower its own security level (but not that of other processes with the same level).

 

The security level of each process must be stored in the process table; as such, you will need to modify the process table to add an entry for it. They are called via syscall(call_number, param1, param2). Your system call must be limited to no more than two parameters!

 

Static Library

You will create a static library to invoke the system calls in a directory named securitylevel. This will be composed of a header with name securitylevel.h and a static library file named libsecuritylevel.a. You will also need to provide a Makefile for this library in the directory. All other sources must be contained within the securitylevel directory. Please note, these names of these files must match exactly!

 

You will create a tarred gzip file of the securitylevel directory with name securitylevel.tar.gz. When testing your code, we will decompress the archive, enter the securitylevel directory, and build. All functions enumerated below must be made available by including “securitylevel.h”. See Submission for details.

 

In addition to the standard library functions, you will implement testing harness functions. The testing harness functions are used to verify security of the system calls from the system library (and are required for full credit on this assignment). We will call these functions to retrieve the information needed to make a system call. We will then call the system call within our own program. This ensures that no security checks are being done in the user-level library.

Figure 2: The harness functions can be used to simulate the system calls

 

 

Library Functions

These functions are to be used by programs.

 int set_security_level(int pid, int new_level)

Invokes system call which attempts to change the process identified by pid to security level new_level. Returns new_level on success, and -1 otherwise.

 

int get_security_level(int pid)

Invokes system call which reads the security level of the process identified by pid. Returns the security level on success, and -1 otherwise.

 

Harness Functions

System call parameter retrieval data should be returned as a pointer to an int array of 2-4 values that can be used to make the system call. It has this format:

 

{ call_number, num_parameters [, parameter1] [, parameter2] }

 

e.g.: { 42, 2, 867, 5309 } à syscall(42, 867, 5309)

 

int* retrieve_set_security_params (int pid, int new_level)

Returns an int array of 2-4 values that can be used to make the set-security system call.

 

int* retrieve_get_security_params (int pid)

Returns an int array of 2-4 values that can be used to make the get-security system call.

 

int interpret_set_security_result (int ret_value)

After making the system call, we will pass the syscall return value to this function call. It should return set_security_level’s interpretation of the system call completing with return value ret_value.

 

int interpret_get_security_result (int ret_value)

After making the system call, we will pass the syscall return value to this function call. It should return get_security_level’s interpretation of the system call completing with return value ret_value.

 

Submissions

You will submit the following at the end of this project:

 

  • Report on Canvas
  • Screencast on Canvas
  • Kernel Patch File (diff) on Canvas
  • Compressed tar archive (tar.gz) for securitylevel library on Canvas

 

Report

Your report will explain how you implemented the new system call, including what changes were made to which files and why for each.  It will describe how testing was performed and any known bugs. The report may be in Portable Document Format (pdf) and should be no more than a page. It should cover all relevant aspects of the project and be organized and formatted professionally – this is not a memo!

 

Screencast

In addition to the written text report, you should submit a screencast (with audio) walking through the changes you make to the operating system to enable the system calls (~5 minutes).

 

Patch File

The patch file will include all changes to all files in a single patch. Applying the patches and remaking the necessary parts of Reptilian, then rebooting and then building the test code (which we will also copy over) should compile the test program.

 

Your project will be tested by applying the patch by switching to /usr/rep/src/kernel and running:

 

$ git apply p1.diff

$ make && sudo make install && sudo make modules_install

 

Compressed Archive (securitylevel.tar.gz)

Your compressed tar file should have the following directory/file structure:

 

securitylevel.tar.gz    securitylevel.tar        securitylevel (directory)                securitylevel.h

Makefile

(Other source files)

 

To build the library, we will execute these commands:

 

$ tar zxvf securitylevel.tar.gz

$ cd securitylevel

$ make $ cd .. 

To link against the library, we will execute this command:

 

$ cc -o program_name sourcefile.c -L ./securitylevel -lsecuritylevel

 

Please test your library build and linking before submission! If your library does not compile it will result in zero credit (0, none, goose-egg) for the library portion of the project.

  • cop4600proj1.zip