Prototype Implementation of a Time Interval File Protection System in Linux

摘要

Control of access to information based on temporal attributes has many potential applications. Examples include student user accounts set to expire upon graduation; files marked as time-sensitive so that their contents can be protected appropriately and the period of access to them controlled; and cryptographic keys configured to automatically expire and be unusable beyond a specific time. This thesis implements a prototype of the Time Interval Access Control (TIAC) model in the context of a protected file system for the popular open-source Linux operating system. The Linux Security Module framework is used for the implementation, which includes temporal attributes associated both with the files and the users. The implementation includes modifications to the file system as well as low-level information access constructs. As part of the design process, testing and performance analysis were conducted. Since the temporal access control mechanism is built into the kernel rather than the application, bypassing the mechanism becomes more difficult. Kernel level implementation also affords the same policy enforcement functionality to different applications, thus reducing human errors in their development. This thesis is relevant to the research on dynamic security services for information protection envisioned by the DoD Global Information Grid (GIG).