Extend USBGuard to support external authorization policy sources

The USBGuard project provides user space components for implementing USB device authorization policies on Linux based systems. Currently, these authorization policies can be stored only in a local file. The aim of this thesis is to extended USBGuard to support multiple policy sources, including LDAP and SSSD. This will allow for centralized management of USB device authorization policies via LDAP and other backends.

Motivation

Centralized management of security and compliance policies is a basic requirement of good IT security practices. Extending USBGuard with centralized management capabilities would extend the applicability of the project from single machine deployments to company-wide computer infrastructures.

Deliverables

  • Internal API for implementing policy source backends
  • LDAP backend, including tests
  • SSSD backend, including tests
  • Documentation
You must be logged in to perform this action!

Daniel Kopeček

Team:
Location: Brno