File system integrity in Linux Solution


The goal of this assignment is to get familiar with Linux file system APIs. In this assignment, you are to implement a secure library (SecureFS) on top of the existing file system interfaces that raises the alarm if the integrity of the files created through the secure library APIs is compromised. At a high level, SecureFS maintains a Merkle tree for every file to check the consistency of file blocks before every read and write. The root of the Merkle tree is saved on disk to verify the integrity of files after reboot.

  • Cryptographic hash function

A cryptographic hash function generates a 20-byte hash value of a given string of any length. The hash is computed in such a manner that it is infeasible to find two strings whose hash values are the same.

  • Merkle tree

A Merkle tree is a tree of hashes of data blocks. The file is divided into data blocks of fixed size (you have to use 64-byte data blocks). The leaf nodes of a Merkle tree are the hash values of file blocks. An internal node of a Merkle tree is the hash of the concatenation of the hashes of its child nodes. The root of the Merkle tree is the unique hash of the entire file.

  • Integrity check

To check the integrity of a file, SecureFS computes a unique hash value from the file contents and stores it in the secure.txt file. SecureFS assumes that secure.txt cannot be tampered with. When a file is opened, SecureFS creates a Merkle tree (in memory) from the file blocks. secure.txt contains the root of the Merkle tree corresponding to every file created by the SecureFS interface. Whenever a file is modified, the Merkle tree is updated, and the root of the Merkle tree is synced with secure.txt. The in-memory Merkle tree is deleted when the file is closed.
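Added example (not part of the assignment or the base repository): a Python model of the Merkle tree and root comparison described above, using hashlib's SHA-1 in place of the repository's hash helper. Promoting an unpaired node unchanged and hashing the empty string for an empty file are assumptions; the assignment text does not specify either case.

```python
import hashlib

BLOCK_SIZE = 64  # data block size required by the assignment

def sha1(data):
    return hashlib.sha1(data).digest()  # 20-byte digest

def build_levels(data):
    """Return every tree level, leaf hashes first, root level last."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    level = [sha1(b) for b in blocks] or [sha1(b"")]  # assumption: empty file
    levels = [level]
    while len(level) > 1:
        level = [_parent(level, i) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def _parent(level, i):
    # Assumption: a node without a sibling is promoted unchanged.
    pair = level[i:i + 2]
    return sha1(pair[0] + pair[1]) if len(pair) == 2 else pair[0]

def root(levels):
    return levels[-1][0]

def update_block(levels, index, new_block):
    """After a write, rehash only the path from leaf `index` to the root."""
    levels[0][index] = sha1(new_block)
    for depth in range(1, len(levels)):
        index //= 2
        levels[depth][index] = _parent(levels[depth - 1], 2 * index)
    return root(levels)

def open_check(data, stored_root):
    """Model of the open-time check: rebuild the tree, compare roots."""
    levels = build_levels(data)
    return levels if root(levels) == stored_root else None

if __name__ == "__main__":
    original = bytes(range(200))           # constructed sample: 4 blocks
    stored = root(build_levels(original))  # what secure.txt would hold
    tampered = original[:70] + b"\xff" + original[71:]
    print("untouched file passes:", open_check(original, stored) is not None)
    print("tampered file passes: ", open_check(tampered, stored) is not None)
    levels = open_check(original, stored)
    new_root = update_block(levels, 1, b"A" * BLOCK_SIZE)
    rebuilt = root(build_levels(original[:64] + b"A" * 64 + original[128:]))
    print("incremental update matches full rebuild:", new_root == rebuilt)
```

A single changed byte alters one leaf hash and every hash on its path to the root, which is why comparing only the stored root is enough to detect it.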


  • Implementation

Read the man pages of open, close, read, write, and lseek system calls.

Download the base files using:

git clone https://github.com/Systems-IIITD/filesys.git

get_sha1_hash returns a 20-byte hash value of an input buffer of a given length. The nodes of the Merkle tree contain the 20-byte hash returned through the get_sha1_hash API. To create a Merkle tree, you have to divide the files into 64-byte blocks. You are to implement the following interfaces in filesys.c.

filesys_init: filesys_init creates the secure.txt file if it doesn't exist. It also checks the integrity of all the files whose hashes are present in secure.txt. If a file doesn't exist, filesys_init removes the corresponding entry from secure.txt. If the integrity of an existing file is compromised, filesys_init returns 1. filesys_init returns 0 on success.

s_open: s_open builds the Merkle tree from the file data and compares the root hash with the one stored in secure.txt. s_open returns -1 if the integrity check fails. If the file doesn't exist, a new entry is created in secure.txt. If the file is going to be truncated, s_open updates the Merkle tree and the secure.txt entry accordingly.

s_read: s_read computes the blocks of the file that need to be read. After reading these blocks, s_read checks the integrity using the Merkle tree. If the integrity check fails, then -1 is returned to the caller.

s_write: Before writing, s_write checks the integrity of the file blocks that are going to be modified. On failing the integrity check, -1 is returned to the caller. s_write updates the Merkle tree, synchronizes the root hash with secure.txt, and writes the modified blocks of the file.

s_lseek: s_lseek ensures that SEEK_END points to the size of the file updated through the SecureFS APIs.

  • Grading

Execute "make && make run" in the filesys folder to run the test cases. The filesys folder contains four test cases. Each test case carries one mark. The design documentation is of two marks. You are eligible for design documentation marks if all the test cases are passing.

  • Design documentation

Read the man page of the fsync system call. Answer the following questions.


Which test cases are failing? If none, mention that all test cases are passing.

Will you be able to check the integrity of all files after a crash (power failure)? If yes, please discuss how your design ensures consistency after a crash. If no, suggest a scheme using standard file system APIs (including fsync) that ensures the consistency of file contents with the stored hashes after a power failure.

  • Submission

This is a group assignment. Upload a PDF file of your design documentation at the provided link. You must follow the naming convention group_id.pdf. Upload the entire filesys folder at the submission link.
