SOFI (Subjects and Objects with Floating Integrity) security model implementation as a C++ library.
Martin Beran
This software is available under the terms of BSD 2-Clause License, see file LICENSE.md.
For motivation and an introduction to the SOFI model, see a longer introductory text. It contains esentially the concatenation of the two Quora posts referenced below.
My older experiments regarding to the SOFI model:
- FreeBSD MAC kernel module
- Proof-of-concept implementation in Prolog
- Articles in my series about software engineering on Quora: Secure or Secured Software? and Secure or Secured Software? A Proposed Solution
This is a header-only library. To use it, simply add to your C++ source:
#include "soficpp/soficpp.hpp"
There is a CMake configuration to build and run tests:
cmake -S . -B build -D CMAKE_BUILD_TYPE=Debug -D USE_LTO=OFF
cmake --build build -j `nproc`
cmake --build build -t test
There is an experimental SOFI system controlled by program sofi_cpp, with
persistent state stored in an SQLite databse.
cmake --build build -t doc doxygen
There are some Markdown documents, for example, this text. If CMake finds
a program for converting Markdown to HTML (markdown or markdown_py), it
creates target doc and adds it to all. It creates HTML version of Markdown
documentation in the build directory.
The library and test programs are documented using Doxygen. If CMake finds
Doxygen, it creates target doxygen that generates HTML documentation into
subdirectory html/ of the build directory, e.g.,
build/html/index.html.