A dual-sandboxing architecture for protecting system integrity from untrusted processes.

Overview

System Integrity Protection (SIP) is a simple mechanism for protecting system integrity while executing untrusted programs. It was developed in collaboration with @colinmonteil and @saltermine as a final project for our Software Security course.

SIP should NOT be used to protect real-world systems.

Architecture

SIP implements a simplified version of the dual-sandboxing architecture described by Wai-Kit Sze and R. Sekar in "A Portable User-Level Approach for System-wide Integrity Protection". A description of the differences between our system and the one proposed by Sze and Sekar can be found here.

Compatibility

System Integrity Protection (SIP) has been tested (albeit in a limited fashion) on Ubuntu LTS 16.04.

Installation

To use SIP, simply...

  1. git clone https://github.com/bporcelli/system-integrity-protection/
  2. cd system-integrity-protection/install
  3. sudo ./install.sh

Usage

After installing SIP, you can use the runt command to execute untrusted programs, e.g. runt rm -rf *.

Uninstallation

To uninstall SIP, cd into the install directory and run the command sudo ./uninstall.sh.