- Information
- AI Chat
Was this document helpful?
Assignment 4-Crypto FS-SP17
Course: Introduction to Operating Systems (CMPS 111)
15 Documents
Students shared 15 documents in this course
University: University of California, Santa Cruz
Was this document helpful?
Cryptographic File System
Dr. Karim Sobh
Computer Science Department
Jack Baskin School of Engineering
University of California, Santa Cruz
Spring 2017
Assigned: Thursday 18 May at 17:00
Due: Thursday 1 June at 15:00
Goals
The goal of this project is to implement a simple cryptographic file system in the FreeBSD kernel
at the VFS layer. This file system will encrypt on a per-file basis, in contrast to what is commonly
known as full-disk encryption.
As with Assignment 3, this project will give you further experience in experimenting with
operating system kernels, and doing work in such a way that when done incorrectly will almost
certainly crash a computer, corrupt files and quite likely find that you can no longer read the
disk – so be sure to take a snapshot before you build your first modified kernel for Asgn4. Do
commit and push your code to the server often as always as reverting to a snapshot would also
revert your code on the VM and you may lose all your latest code modifications permanently.
Basics
The goal of this assignment is to give you additional experience in modifying FreeBSD and to
gain some familiarity with the file system. File systems are complex, so implementing a
complete file system is too large of a task for this course. Instead, for this assignment you are to
implement encryption in the FreeBSD file system. The file system blocks on the disk are to be
encrypted using the AES (Advanced Encryption Standard) algorithm on a per-file basis. It might
seem simpler to encrypt every block on the disk, and in some ways, it is, but it also adds
complexities that we do not have time to deal with at this stage. The result is that when an
application makes a read system call the block must be decrypted, and when it makes write
system call the block must be encrypted. You will do this by adding a new stackable layer using
the VFS interface that abstracts low-level file systems to the upper levels of the operating
system.
You must implement:
●A system call that adds an encryption/decryption key for a particular user ID.
●Operating system code that applies the key to a file if all of the following apply: