[Cryptography] Rumpelstiltskin treegraph sparsecap library

Rob Meijer pibara at gmail.com
Sat Aug 2 06:35:26 EDT 2014


Hi everyone,

My apologies if this mail is a bit dense and filled with external
references, I think it's important to sketch the context to underline the
potential importance.

Some years ago I wrote a proof of concept implementation of a set of
cooperating least authority providing user space file-systems for AppArmor
based Linux systems. This proof of concept was/is called MinorFS. For some
context, here is a Linux Journal article I wrote on this system 5 years
ago.

http://www.linuxjournal.com/magazine/minorfs

At the core of these file systems was a sparsecap (or password capability
if you prefer that term) file-system called capfs. This file-system was
based on an sqlite database with sparsecap to path mappings.

Some time later, I came up with an alternative hash based algorithm that
could possibly do away with the need of a database for capfs. After asking
feedback on this algorithm on the cap-talk mailing list, David
Barbour suggested I'd use HMAC instead of just SHA.

http://www.eros-os.org/pipermail/cap-talk/2012-February/015332.html

Resulting from this feedback, and driven by the idea that a library for
sparsecaps that give access to a DAG shaped authority structure might be
useful for other things than just a rewrite of Minorfs::capfs,
I recently created a C++ (c++11) library that implements the algorithm,
using crypto++ for its hmac/sha2 crypto primitives.

https://github.com/pibara/Rumpeltreepp

This library basically implements the algorithm described here:

http://minorfs.wordpress.com/2014/02/20/rumpelstiltskin-and-his-children/

http://minorfs.wordpress.com/2014/03/21/rumpelstiltskin-and-his-children-part-2/

Given the fact that my crypto knowledge and my knowledge regarding
implementation and usage pitfalls is relatively limited, I desperately need
a peer review on my Rumpeltree++ source code. When the file-system is
finished, the logic in this library will become a pivotal part of the TCB
of any system built using the full set of file systems that will be layered
on them together with AppArmor. A rewrite of the original MinorFS that will
aim at retrofitting the taming of shared mutable file system provided by
MinorFS to non MinorFS aware applications in a way that should help
mitigate the effects that Trojans might have in a major way:

http://www.slideshare.net/RobMeijer3/ohm2013-trojans-slides

Thus, if anyone would be able and willing to contribute a peer review to
this library, you will be playing a crucial role in the ultimate goal of
creating a trojan free environment.


Rob