This was my fourth year honours project at the University of Edinburgh and contributed to one sixth of the mark used to determine my degree classification - a 2:1 in Software Engineering.
The abstract for the project was as follows:
There are two basic principles of multilevel security systems, no read-up and no write-down. Standard Linux distributions cater for the former through their use of UNIX file permissions; however, enforcing a policy of write- down prevention for high security data has no such default mechanism. The aim of this project was to create an environment in which a user can feel confident that both policies can be applied to their account without requiring administrative access or kernel modification. This was accomplished by creating a shared library, which is dynamically loaded prior to the C Standard Library, to catch system calls and a command-line utility to allow the user to control which policies should be applied to which files.
Be the first to post a review of A Compartmented Security Project!