Difference between revisions of "Projects"
Jump to navigation
Jump to search
Line 40: | Line 40: | ||
The cryptographic subsystem is maintained separately by Herbert Xu, refer to the [http://vger.kernel.org/vger-lists.html#linux-crypto mailing list]. | The cryptographic subsystem is maintained separately by Herbert Xu, refer to the [http://vger.kernel.org/vger-lists.html#linux-crypto mailing list]. | ||
=== Working Group === | |||
* [[Linux Security Workgroup]] |
Revision as of 21:59, 8 October 2012
Kernel Security Projects
Access Control
- Linux Security Modules (LSM), the API for access control frameworks
- AppArmor, a pathname-based access control system
- Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework
- Smack, the Simplified Mandatory Access Control Kernel for Linux
- TOMOYO, another pathname-based access control system (LiveCD available)
- grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...)
- Rule Set Based Access Control (RSBAC), Linux kernel patch implementing a security framework
- FBAC-LSM aims to provide easy to configure (functionality-based) application restrictions
- Yama adds restrictions to ptrace, providing a programmatic way to declare relationships between processes
Integrity
This is a rapidly developing area, see the following LWN article for an overview:
Privileges
Networking
There are several separately maintained projects relating to network security, including:
- Netfilter packet filtering
- Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog
- NuFW authenticating firewall based on Netfilter
Storage
- Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol
- dm-verity, a device mapper target for efficient, integrity-assured block devices
Cryptography
The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.