No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
config_parse
test_files
.gitignore
Makefile
README.md
loader.c
netlink.c
netlink.h
socktls.h
tls_common.c
tls_common.h
tls_inet.c
tls_inet.h
tls_unix.c
tls_unix.h
tls_upgrade.c
tls_upgrade.h

README.md

Secure Socket API (SSA)

The SSA is a Linux kernel module that allows programmers to easily create secure TLS connections using the standard POSIX socket API. This allows programmers to focus more on the developement of their apps without having to interface with complicated TLS libraries. The SSA also allows system administrtors and other power users to customize TLS settings for all connections on the machines they manage, according to their own needs.

Publication

You can read more about the SSA, it's design goals, and features in our USENIX Security 2018 paper

Prerequisites

The SSA has two components - a kernel module (this repository) and a userspace daemon. Both need to be installed and running to provide TLS as an operating system service. The userspace daemon has its own README with installation instructions.

Before building the SSA kernel module (this repo), you will need to install the relevant kernel headers and development packages for your Linux distribution

For example, on Fedora, run

sudo dnf install kernel-devel kernel-headers

Build and Installation

To install the SSA module type these commands into the terminal while in the ssa project folder as root user

make
insmod ssa.ko

Removal

To remove the SSA kernel module, shut down the encryption daemon (if running), and then run the following command as a privileged user:

rmmod ssa

Compatibility

The SSA is actively developed on Fedora, but may work for other distributions with a few minor changes.

Using the SSA

We will be providing a formal API specicification in this README and on owntrust.org in the very near future. Eager users are encouraged to see our publication (linked above), code, or to contact us directly with questions.

Status

The SSA is currently a research prototype. As such, it should not yet be used in any mission critical environments. However, we are working toward release as a viable tool for the general public.