Today's schedule (dfrws.capibara.com/MattockFSDFRWS_03_ancestors.pdf)

Date post: 07-Aug-2020

Today's schedule

● Asynchronous processing & tool-chain approach
● Integrity, privilege separation and capabilities.
● CarvFS & MinorFS
● MattockFS core design
● MattockFS as distributed-framework building block
● Installation (hands on)
● File-system as API (hands on)
● Python API (hands on)

MattockFS

Computer-Forensics File-System

CarvFS & MinorFS

A family tree

● 2002: OCFA Anycast
● 2006: CarvFS
● 2006: Sealed Digital Evidence Bag
● 2008: MinorFS

FUSE

Forensic File-System Architecture

[Diagram, top to bottom: Module Instance; User-Space File-System; Kernel (FUSE, EXT*); Disks file]

CarvFS

● Storage requirements traditional file carving
● CarvFS allows for zero-storage carving
● Carved files not copied out but designated
● CarvPath designations

/mnt/carvfs/mp3/18400+4096_S4096_47912+975.crv

Carvpath designations

Examples

● 0+500.crv
● 4096+4096_40960+4096.crv
● 4096+4096_S8192_40960+4096.crv
● 0+40960/1024+512.crv
● DBF49D26….B441C18894793.crv
● DBF49D26….B441C18894793/1024+512.crv
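
An added example, not taken from the slides or from the CarvFS code base: a small parser that flattens the plain designations above into runs relative to the top-level image. The grammar is an assumption read off the examples ("_" joins fragments, "offset+size" is a data run, "S" marks a sparse run, "/" nests a designation inside its parent), and the function names are hypothetical.

```python
# Added example: parse and flatten CarvFS-style carvpath designations.
# Assumed grammar: levels split by "/", fragments by "_",
# "<offset>+<size>" is a data run, "S<size>" a sparse (zero-filled) run.
import re

FRAG = re.compile(r"^(?:(\d+)\+(\d+)|S(\d+))$")

def parse_level(text):
    """Return [(offset, size), ...]; offset is None for a sparse run."""
    frags = []
    for tok in text.split("_"):
        m = FRAG.match(tok)
        if not m:  # digest-style names need the store that issued them
            raise ValueError(f"not a plain carvpath fragment: {tok!r}")
        if m.group(3) is not None:
            frags.append((None, int(m.group(3))))
        else:
            frags.append((int(m.group(1)), int(m.group(2))))
    return frags

def total_size(frags):
    return sum(size for _, size in frags)

def resolve(parent, child):
    """Map child runs, addressed inside parent, onto parent's own offsets."""
    out = []
    for off, length in child:
        if off is None:
            out.append((None, length))
            continue
        if off + length > total_size(parent):
            raise ValueError("child run reaches outside its parent")
        pos = 0  # start of the current parent run in the parent's address space
        for poff, plen in parent:
            lo, hi = max(off, pos), min(off + length, pos + plen)
            if lo < hi:
                out.append((None if poff is None else poff + lo - pos, hi - lo))
            pos += plen
    return out

def flatten(designation):
    """Reduce 'a/b.crv' to runs relative to the top-level image."""
    if designation.endswith(".crv"):
        designation = designation[:-4]
    levels = [parse_level(part) for part in designation.split("/")]
    flat = levels[0]
    for child in levels[1:]:
        flat = resolve(flat, child)
    return flat
```

The bounds check in `resolve` keeps a nested designation from addressing data outside the parent it was derived from.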

Issues with CarvFS

● Read-only access to forensic disk image
● In large cases hundreds of mounted image files
● OCFA hacks
– Bypass CarvFS to write to underlying growing archive
– Inefficient hybrid CarvFS/CAS storage

MinorFS

● Least Authority set of user-space file-systems
– CapFS: Sparse-capability based tree layer
– ViewFS
  ● Provides pseudo-persistent-processes with a private $HOME
  ● Provides all processes with a private $TMP

CapFS: '..' considered evil

● Special '..' directory normally designates parent
● Capabilities: designation implies authorization
● The '..' breaks delegation of sub-trees.

MinorFS, the PPP stack.

● AppArmor:
– Take away ambient authority to $HOME, $TMP
– Allow processes to keep secrets by limiting access to /proc/${SOMEPID}/
● MinorFS:
– Provide secure private storage for VATs to E.
● The E language:
– Provide a fine grained distributed object capability platform.

MinorFS and CarvFS

● MinorFS
– Shows us the value of sparse capabilities and FUSE for high-integrity system design.
● CarvFS
– Shows us the strength of carvpath annotations as file names.

