ACADEMIC TASK- II

CSE - 316
(OPERATING SYSTEM)

COMPUTER SCIENCE AND ENGINEERING

Submitted by:
Name: PUTTA MEHER PRAKASH
Registration number: 12312840
Roll No: 59
Section: K23GX

Submitted to:
Ms. Gagandeep Kaur

LOVELY PROFESSIONAL UNIVERSITY

 USER FRIENDLY SYSTEM CALL INTERFACE FOR
ENHANCED SECURITY

1. )Project Overview:
In contemporary computing, system calls are the interface between user programs and the
operating system. Direct access to system calls is a very serious security risk,
including privilege escalation, unauthorized access, and system vulnerabilities. This
project focuses on designing a User-Friendly System Call Interface
that is easy to use yet more secure.

The major goal is to design an interface that denies unauthorized use of system
calls by applying authentication methods, i.e., multi-factor authentication (MFA) and role-
based access control (RBAC). The system will also offer in-depth logging and
monitoring features to monitor system call operations so that transparency and
security are assured.

Through the use of a structured and safe interface, this project will defend system
resources from abuse while enabling authorized users
to execute required operations effectively. The end system will not only enhance security
but also make system call interactions easier for users with different technical skills.

2. )Module-Wise Breakdown:

To facilitate effective and well-organized implementation, the project has been split into
three main modules: Authentication & Access Control, Secure System Call Interface, and
Logging & Monitoring
System. These modules are individually important for ensuring security and user-
friendliness.

2.1) Authentication & Access Control:

Its in charge of authenticating users and controlling permissions. Through the inclusion
of secure authentication features like multi-factor authentication (MFA), token-
based authentication, and role-based access control (RBAC), the system guarantees that
only legitimate users can perform particular-system calls.
Moreover, session management capabilities will avoid unauthorized
access because of session hijacking or extended periods of inactivity.

2.2) Secure System Call Interface:

This module serves as a middleman between users and the system calls, blocking access to
the operating system directly. It offers a well-organized API that checks user input,
filters out unsafe requests, and implements access rules before making system calls. This
layer not only adds security but also hides system-
level complicated operations, allowing users to work with system calls in a safer manner.
2.3) Logging & Monitoring System:
To ensure transparency and identify possible security risks, this module keeps detailed
logs of every system call request. Every log entry contains details like the user making the
request, the system call made, timestamps, and any access violations. Real-time monitoring
and alerting mechanisms can also be put in place to inform administrators of
suspicious behavior. The logged information can be used to detect unusual patterns
and enhance system security over time.

Upon connecting these three modules, the system provides a safe, user-centric,
and suitably monitored infrastructure for making system calls with lesser security threats

3. ) Functionalities:
The system is meant to offer a secure and easy-to-use interface for making system calls
while avoiding unauthorized access. Each module adds unique functionalities
to improve security, usability, and monitoring.

3.1). Authentication & Access Control

Multi-Factor Authentication (MFA):
Users are required to authenticate with additional means of authentication, i.e., OTPs or
biometrics, in order to improve security.
Role-Based Access Control (RBAC): Permissions for system calls are tied to user
roles so that only legitimate users are able to perform important commands.
Session Management: The system automatically terminates
sessions and forces logouts in case of an inactive user, thus avoiding any unauthorized
access.

3.2.) Secure System Call Interface

System Call Abstraction: A regulated API layer permits users to run system
calls safely without kernel access.
Input Validation: Requests are filtered to avoid malicious inputs
that can take advantage of system weaknesses.
Error Handling & Security Restrictions: The interface offers secure error
messages and blocks unauthorized behavior, minimizing exposure to attackers.

3.3.) Logging & Monitoring System

Detailed Activity Logs: Every system call request
is logged, along with user information, timestamps, and execution status,
for security analysis and auditing.
Anomaly Detection: Abnormal or repeated
failed system call attempts trigger alarms for further examination.
Admin Dashboard for Monitoring: A graphical interface enables system
administrators to browse logs, create security reports, and monitor unusual activity
patterns.

These features blend together to provide an open, secure, and efficient system
that protects important functions while making it easy to use.
4.) Technology Used:
To ensure robust and efficient implementation, the project utilizes a combination of
programming languages, frameworks, and tools tailored for security, authentication, and
system monitoring.

4.1) Programming Languages:

Python (Backend)

HTML, CSS, JavaScript (Frontend)

4.2) Libraries and Tools:

Flask (for creating the backend API)

Flask-JWT-Extended (for authentication using JWT tokens)

Sub-process (to execute system commands securely)

4.3) Other Tools:

GitHub/GitLab: Version control system to track project changes and collaborate

efficiently.
Postman (for API testing)
Web Browser (to run the frontend)

By combining these technologies, the system ensures high security, efficient logging, and
user-friendly interface while maintaining flexibility for future enhancements.

5. Flow Diagram:

Flow of Execution:
1. User Accesses Web Interface → Enters authentication details.
2. Authentication Process → JWT token issued if valid credentials are provided.
3. User Requests System Call Execution → Inputs command via web interface.
4. Backend Validates Request → Checks authentication and permissions.
5. System Call Execution → Runs allowed system calls securely using subprocess.
6. Logging Mechanism → Stores executed commands in a log file.
7. Response Sent to Frontend → Displays output or error message
7.) Conclusion and Future Scope:

The User-Friendly System Call Interface for Advanced Security effectively presents an easy-
to-use yet secure means of allowing users to make system calls while authenticating and
logging processes. Through the use of JWT-based authentication, a Flask backend server,
and a web interface, the system blocks unauthorized access and has elaborate logs
for monitoring security. The system increases system
security through limiting commands by authentication level as well as logging all system
calls made so that they can be audited.

Future Scope:
Role-Based Access Control (RBAC): Expand the
authentication mechanism to include various user roles with limited access based on
permissions.

Advanced Logging & Monitoring: Provide real-time monitoring dashboards for system
call usage analytics and security alerts.

Machine Learning-Based Anomaly Detection: Employ AI to identify suspicious system call

patterns that can represent a security threat.

Multi-Factor Authentication (MFA): Improve security by incorporating OTP-based or

biometric authentication.

Cross-Platform Support: Provide support across different operating

systems such as Windows and macOS.

Secure API Gateway: Use API rate limiting and other layers of security to avoid abuse.

Encryption of Logs: Save logs securely with encryption so they can't be tampered
with unauthorized.

This project builds a solid foundation for secure system call execution,
and subsequent improvements will continue to enhance its security and robustness.

8.) REFERENCES:

Flask Documentation: https://flask.palletsprojects.com

Flask-JWT-Extended: https://flask-jwt-extended.readthedocs.io
Python subprocess module: https://docs.python.org/3/library/subprocess.html
HTML, CSS, and JavaScript MDN Docs: https://developer.mozilla.org
GitHub for version control: https://github.com

Appendix:

A). AI-Generated Project Elaboration/Breakdown Report:

Project Overview:
A secure system call execution interface with authentication, logging, and a user-friendly
web UI to prevent unauthorized access.
Module-Wise Breakdown
1. Authentication & Security – Implements JWT authentication and role-based access.
2. System Call Execution – Securely runs allowed system commands and logs them.
3. Web Interface – HTML-based UI for user interaction with API.
Functionalities:
• Authentication: Secure login with JWT.
• System Call Execution: Restricted and logged command execution.
• Web Interface: User-friendly UI to execute and view results.
Technology Used:
• Languages: Python (Backend), HTML, CSS, JavaScript (Frontend).
• Libraries & Tools: Flask, Flask-JWT-Extended, SQLite, subprocess.
• Other Tools: GitHub (Version Control), Postman (API Testing).
Execution Plan:
1. Build Flask backend with authentication.
2. Implement secure system call execution with logging.
3. Create HTML frontend to interact with the API.
4. Test & deploy the system.

B). Problem Statement:

User-Friendly System Call Interface for Enhanced Security

Design an intuitive system call interface with authentication and logging to prevent
unauthorized access.

C.) Solution/Code;

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Secure System Call Interface</title>
<style>
body { font-family: Arial, sans-serif; text-align: center; background: #f4f4f4; padding:
50px; }
.container { width: 400px; margin: auto; background: white; padding: 20px; border-
radius: 10px; box-shadow: 0px 0px 10px rgba(0,0,0,0.1); }
input, button { width: 90%; padding: 10px; margin: 10px; border-radius: 5px; border:
1px solid #ddd; }
button { background-color: #28a745; color: white; cursor: pointer; }
button:hover { background-color: #218838; }
.hidden { display: none; }
#log-container { text-align: left; max-height: 200px; overflow-y: auto; border: 1px solid
#ddd; padding: 10px; background: #fff; }
</style>
</head>
<body>

<div class="container" id="auth-section">

<h2>Login</h2>
<input type="text" id="username" placeholder="Enter Username">
<input type="password" id="password" placeholder="Enter Password">
<button onclick="login()">Login</button>
</div>

<div class="container hidden" id="system-call-section">

<h2>Execute System Call</h2>
<input type="text" id="command" placeholder="Enter Command">
<button onclick="executeCommand()">Run</button>
<p id="command-output"></p>

<h3>Logs (Admin Only)</h3>

<div id="log-container"></div>
<button onclick="fetchLogs()" id="log-button" class="hidden">Refresh Logs</button>
</div>

<script>
let token = "";
let role = "";

function login() {
 const username = document.getElementById("username").value;
const password = document.getElementById("password").value;

fetch("http://127.0.0.1:5000/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ username, password })
})
.then(response => response.json())
.then(data => {
if (data.token) {
token = data.token;
role = data.role;

document.getElementById("auth-section").classList.add("hidden");
document.getElementById("system-call-section").classList.remove("hidden");

if (role === "admin") {

document.getElementById("log-button").classList.remove("hidden");
}
} else {
alert("Login failed!");
}
});
}

function executeCommand() {
const command = document.getElementById("command").value;

fetch("http://127.0.0.1:5000/execute", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": `Bearer ${token}`
},
body: JSON.stringify({ command })
})
.then(response => response.json())
.then(data => {
document.getElementById("command-output").innerText = data.output || "Error
executing command!";
fetchLogs();
});
}

function fetchLogs() {
fetch("http://127.0.0.1:5000/logs", {
method: "GET",
headers: { "Authorization": `Bearer ${token}` }
})
 .then(response => response.json())
.then(data => {
document.getElementById("log-container").innerHTML = data.logs.map(log =>
`<p>${log}</p>`).join("");
});
}
</script>

</body>
</html>

Python:

from flask import Flask, request, jsonify

from flask_jwt_extended import create_access_token, jwt_required, JWTManager,
get_jwt_identity
import subprocess
import datetime

app = Flask(__name__)
app.config["JWT_SECRET_KEY"] = "your_secret_key"
jwt = JWTManager(app)

# Users with roles

users = {
"admin": {"password": "password123", "role": "admin"},
"user": {"password": "userpass", "role": "user"}
}

# Logs for system call tracking

logs = []

# Pre-approved commands for regular users

allowed_commands = ["ls", "whoami", "pwd"]

@app.route("/login", methods=["POST"])
def login():
data = request.json
username, password = data.get("username"), data.get("password")

if username in users and users[username]["password"] == password:

token = create_access_token(identity={"username": username, "role":
users[username]["role"]})
return jsonify(token=token, role=users[username]["role"]), 200

return jsonify({"msg": "Invalid credentials"}), 401

@app.route("/execute", methods=["POST"])
@jwt_required()
def execute_command():
data = request.json
command = data.get("command")
user_info = get_jwt_identity()
role = user_info["role"]

# Regular users can only execute pre-approved commands

if role == "user" and command.split()[0] not in allowed_commands:
logs.append(f"{datetime.datetime.now()} - {user_info['username']} tried unauthorized
command: {command}")
return jsonify({"error": "Permission denied"}), 403

try:
output = subprocess.check_output(command, shell=True, text=True)
logs.append(f"{datetime.datetime.now()} - {user_info['username']} executed:
{command} -> SUCCESS")
return jsonify({"output": output}), 200
except subprocess.CalledProcessError:
logs.append(f"{datetime.datetime.now()} - {user_info['username']} executed:
{command} -> FAILED")
return jsonify({"error": "Command execution failed"}), 400

@app.route("/logs", methods=["GET"])
@jwt_required()
def get_logs():
user_info = get_jwt_identity()
if user_info["role"] != "admin":
return jsonify({"error": "Permission denied"}), 403

return jsonify({"logs": logs}), 200

if __name__ == "__main__":
app.run(debug=True)