Operating Systems Security

Ahmed Walid   ·   Jana Ashraf

CCY4304 12th Project: xv6 Medical Device Security
Explore the docs »

Report Bug  ·  Request Feature

Table of Contents

1. About the Project
2. Team
3. Quick Start
   • Fedora / RHEL
   • Debian / Ubuntu / Kali Linux
   • Arch Linux
4. Repository Layout
5. Security Phases
6. Compliance Results
7. Documentation Site
8. Toolchain Versions

---

About the Project

This repository extends xv6-riscv with three security phases to demonstrate OS-level security controls relevant to connected medical devices. The scenario is inspired by the 2019 Medtronic MiniMed 508 insulin pump recall (CVE-2019-10964), where lack of authentication on a wireless interface allowed remote manipulation of insulin doses.

The implementation satisfies the CIA triad requirements for a medical-device OS and maps to FDA 2023 cybersecurity guidance and IEC 62443 security requirements.

(back to top)

---

Team

Name	Student ID	Role
Ahmed Walid Ibrahim	221011183	Developer
Jana Ashraf Ali	221010291	Developer

Lecturer: Prof. Dr. Ayman Adel Abdel-Hamid
Teaching Assistant: Abdelrahman Solyman
Course: CCY4304: Operating Systems Security
University: Arab Academy for Science, Technology and Maritime Transport

(back to top)

---

Quick Start

Fedora / RHEL

sudo dnf install make gcc perl python3 bc qemu-system-riscv-core \
                 gcc-riscv64-linux-gnu binutils-riscv64-linux-gnu \
                 nodejs npm

Debian / Ubuntu / Kali Linux

sudo apt update
sudo apt install make gcc perl python3 bc qemu-system-misc \
                 gcc-riscv64-linux-gnu binutils-riscv64-linux-gnu \
                 nodejs npm

Ubuntu 22.04+ / Kali note: the package qemu-system-misc provides qemu-system-riscv64. On older Ubuntu (20.04) you may need to install QEMU from the QEMU PPA:

sudo add-apt-repository ppa:canonical-server/server-backports
sudo apt update && sudo apt install qemu-system-riscv

Arch Linux

sudo pacman -S make gcc perl python3 bc qemu-system-riscv \
               riscv64-linux-gnu-gcc riscv64-linux-gnu-binutils \
               nodejs npm

AUR alternative: if riscv64-linux-gnu-gcc is not in the official repos for your version, install via AUR:

yay -S riscv64-linux-gnu-gcc riscv64-linux-gnu-binutils

Build and Run

After installing the toolchain on any distro:

# Build the kernel
cd xv6-security
make clean && make

# Boot in QEMU (terminal only)
make qemu-nox

# Press Ctrl-A then X to exit QEMU

Log In

At the secure login prompt:

Username	Password	Role
root	root123	Administrator
admin	admin123	Administrator
doctor1	doctor123	Clinician
patient1	patient123	Patient

Run Compliance Tests

compliance_test
audit_dump

(back to top)

---

Repository Layout

.
├── xv6-security/        Modified xv6-riscv kernel + user programs
│   ├── kernel/          auth.c, perms.c, audit.c, fs.c (modified)
│   ├── user/            login.c, audit_dump.c, compliance_test.c
│   └── mkfs/            mkfs.c (creates medical demo files)
├── docs/                Docusaurus documentation site
│   ├── docs/            Markdown pages for all 7 sections
│   └── src/pages/       Landing page (index.tsx)
└── README.md            This file

(back to top)

---

Security Phases

Phase	Feature	Kernel files
1: Authentication	Login + identity in struct proc (uid/gid/role/authenticated)	kernel/auth.c, kernel/sysproc.c
2: File Permissions	Unix-style mode bits + owner on every inode; DAC at 4 hook points	kernel/fs.c, kernel/perms.c, kernel/sysfile.c
3: Audit Log	256-entry kernel ring buffer, spinlock-protected, admin-only read	kernel/audit.c, kernel/trap.c

(back to top)

---

Compliance Results

(back to top)

---

Documentation Site

The full documentation is hosted at ossec.ahmeddwalid.me.

To build locally:

cd docs
npm install
npm run build
npm run serve    # preview at http://localhost:3000

(back to top)

---

Toolchain Versions

Tool	Version used
riscv64-linux-gnu-gcc	15.2.1
qemu-system-riscv64	10.2.2
make	4.4.1
Node.js	22.x

(back to top)