Description
- Access Control Logging
For this assignment, you will develop an access control logging system using the C programming language. The access control logging system will monitor and keep track of every file access and modification that occurs in the system. So, each file access or file modification will generate an entry in a log file. This log file will be inspected by a separate high privileged process.
You will use “LD_PRELOAD”, which instructs the linker to bind symbols provided by a shared library before any other library. This way, you will override the C standard library functions that handle file accesses and modifications (fopen, fwrite) with your own versions in order to offer the extra functionality you are requested.
Important: The current assignment is required for your next assignment. This means that if you skip the current assignment, to fully implement the next one you will have to implement both.
Step 1: Access Control Logging tool
As reported above you are requested to develop a shared library, named “logger.so”, that overrides the C standard I/O library using the LD_PRELOAD. Specifically, your own versions of fopen and fwrite will collect and log the needed information for each file access, before continuing with the standard I/O operation. The log file should be named “file_logging.log”. The log file must be
stored somewhere, where it can be accessible by all users. Each log entry should contain the following information:
|
privileges. It is 1 if the action was denied to the user, or 0 otherwise. fingerprint is the hash value of the file contents (hint: You can use the md5 hash functions: https://www.openssl.org/docs/man1.1.0/man3/MD5_Init.html ). |
Notes
Each log entry should have all the above 7 fields. In order to find the filepath from FILE*: from the
file pointer find the file descriptor, and from the file descriptor find the file name. Events that must be logged:
|
need to be intercepted and information about the user and the file access has to be collected. Every fopen()/fwrite() function should create a new entry in a log file. |
Step 2: Access Control Log Monitoring tool
Develop a log monitoring tool, named “acmonitor.c”, which will be responsible for monitoring the logs created by the Access Control Logging tool (Step 1). This log monitoring tool will:
- Parse the log file generated in Step 1 and extract all incidents where malicious users1 tried to access multiple files without having permissions. As an output, the tool should print all users that tried to access more than 7 different files without having permissions i.e. print those users (uids) that tried to access at least 7 different files, without actually having the permissions.
- Given a filename, the log monitoring tool should track and report all users that have accessed the specific file. By comparing the digital fingerprints/hash values, the log monitoring tool should check how many times the file was indeed modified. As an output, the log monitoring tool is expected to print a table with the number of times each user has modified it.
note: the creation of a file produces a file fingerprint X1, and writing into this file produces another file fingerprint X2. As “a modification” we consider a transition from X1 to X2.
Step 3: Test the Access Control Logging & Log Monitoring tools
Develop a simple tool, named “test_aclog.c”, that will be used to test and demonstrate the above tasks. The “test_aclog.c” tool has to create/open/modify files, in a way that will create the conditions that the “acmonitor.c” tool searches for. For instance, you should try to open files without having the permission to do so (see Step 2.1), and modify specific files (see Step 2.2). Executing the “test_aclog.c” tool with your custom fopen() and fwrite() functions preloaded, will create the required access control log file entries in “file_logging.log”. Then use the log monitoring tool to get the relevant reports (Step 2). Tool Specification The Access Control Log Monitoring tool (Step 2) will receive the required arguments from the command line upon execution. |
Options |
Prints malicious users |
-m
-i <filename>
1 For this assignment, a “malicious user” is the user that tries to access multiple files without having the permission. For Step 2, when we refer to a “malicious user” we refer to the user that tries to access more than 7 different files without having the permission.
Prints table of users that modified the file given, and the number of modifications |
Help message |
-h
- If no appropriate option was given, the Access Control Monitoring tool has to print the appropriate error message.
- You need to create a Makefile to compile your library and programs (you must submit it with your source code) or you can use the one provided to you.
- You are also provided with a corpus to build your own source code.
- You must submit the following files: README, Makefile, logger.c, logger.so,
acmonitor.c, test_aclog.c
- You need to submit all the source code of your tool, a “Makefile”, and a “README.txt” file that explains briefly your implementation and what you didn’t implement and why. Place all these files in a folder named <yourlastnameAM>_assign3, and then compress it as a .zip file that you will upload to eclass. For example: christodoulou2018123456_assign3.zip.
- The README.txt file is important to submit.
- Very important: execute the command gcc –-version and write whatever the output is into your
README.txt file, e.g. “gcc (Ubuntu 9.3.0-10ubuntu2~20.04)”
- The tool’s corpus provided with this assignment is just an example. Feel free to define your own
functions or change the signatures of the given functions (except for fopen() and fwrite()). You can even re-design it from scratch. However, the options defined in the “Tool specification” section must remain as-is.
- If you are having a problem with LD_PRELOAD of the library go to terminal and do “make run” (after make). Don’t do ./test_aclog.
- In terminal, you might need to run LD_PRELOAD=./logger.so ./test_aclog.
- Please use the given code as guide, and then make any changes you might need as long as you will deliver the requirement of assignment. For example: you can modify the way you manipulate the variables in the struct, e.g. date and time can be placed in the same
variable instead of separate.
- You can develop any new functions/include any new files you might want. This means
that the code doesn’t have to be developed entirely within your fopen or frwite.
- If a user attempts to open a file that does not exist, using for example mode “r”, fopen will fail. You have to keep log of every call in the fopen and fwrite you have developed (in fopen
the file path passes as an argument).
- Access type : fopen() should be “0” for file create, and “1” for file open.
- File hash value changes: Every fwrite() creates a new entry in the log file. Whenever the
content and the size of the file are changed, the fingerprint is also changed.
Notes
- File fingerprint : You should calculate it into your fopen() και fwrite(), after you have called the fopen() και fwrite() of the standard library.
- In the logfile, you should have an entry for every calling of fopen and fwrite. In the case you cannot calculate the file fingerprint, then leave it “0”.
- When the content of the file is the same, then the MD5 you get from MD() will be the same.
- Prior to start creating your own fopen() και fwrite() get help from man page, e.g. for the
return values of fwrite().
- From the man page study the return values of fopen(). Your fopen() should be doing
exactly the same as the fopen() of standard library and creating an entry in the log file. All
modes should be supported e.g. r+ w+ a+.
- Issue with file fingerprint: some characters might get converted to newline and there is a
problem with reading the logfile via fscanf(). Possible solution: use function fread() after putting fseek() at the beginning of the file. If you write into the logfile using fprintf(), and read with fscanf(), try using %s instead of %02x.
- We will check your own test_aclog so you should submit it along with the necessary files, e.g. files your open/write.
- How you will test your program is your own decision, but you will be graded based on the requirements of the assignment.
- Submitted code will be tested using plagiarism-detection software.
Example
You need to use LD_PRELOAD to instruct the linker to load your implementation of fopen/fwrite before any other library. Example below: