Difference between revisions of "Projects"
Jump to navigation
Jump to search
JamesMorris (talk | contribs) (New page: == Kernel Security Projects == === Access Control === * Linux Security Modules (LSM), the API for access control frameworks. * AppArmor, a pathname-based access control system. * Secur...) |
JamesMorris (talk | contribs) |
||
| Line 3: | Line 3: | ||
=== Access Control === | === Access Control === | ||
* Linux Security Modules (LSM), the API for access control frameworks | * [http://vger.kernel.org/vger-lists.html#linux-security-module Linux Security Modules (LSM)], the API for access control frameworks | ||
* AppArmor, a pathname-based access control system. | * AppArmor, a pathname-based access control system. | ||
* Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework. | * Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework. | ||
| Line 10: | Line 10: | ||
* grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...). | * grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...). | ||
* RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework. | * RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework. | ||
* FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions. | * FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions. | ||
=== Integrity === | === Integrity === | ||
Revision as of 12:29, 9 April 2012
Kernel Security Projects
Access Control
- Linux Security Modules (LSM), the API for access control frameworks
- AppArmor, a pathname-based access control system.
- Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.
- SMACK, the Simplified Mandatory Access Control Kernel for Linux.
- TOMOYO, another pathname-based access control system (LiveCD available).
- grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).
- RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.
- FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.
Integrity
This is a rapidly developing area, see the following LWN article for an overview:
- System integrity in Linux.
Privileges
- POSIX File Capabilities
- Filesystem capabilities in Fedora 10 LWN article.
Networking
There are several separately maintained projects relating to network security, including:
- Netfilter packet filtering.
- Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog.
- NuFW authenticating firewall based on netfilter
Storage
- Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.
Cryptography
The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.