Computer security - Teaching material

This page lists the additional material of the course 38039.

Feel free to send me an email, but please use your student email account to send the message (and attach only PDF files).

Topic: Access Control and Sandboxing in OS

In these talks we’re going to discuss some of the standard Access Control methods used to restrict access and strengthen sandboxing in modern Operating Systems. The goal is to understand the pros and cons of Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Capability-based Access Control.

The talks can also be considered a practical introduction to Unix-style permissions, SELinux and Linux capabilities. You’ll learn how to use and configure them. The slides also collect many examples taken from real policies (especially from Linux and Android).

In the third talk we’ll discuss how Android isolates applications from each other and from the system. We’ll also introduce you to our research product SEApp (a modification to the Android Open Source Project to extend MAC to apps).

Introduction to Sandboxing, DAC and MAC

Linux Capabilities

Isolation of apps in Android