Difference between revisions of "Projects"

From Linux Kernel Security Subsystem
Jump to navigation Jump to search
(New page: == Kernel Security Projects == === Access Control === * Linux Security Modules (LSM), the API for access control frameworks. * AppArmor, a pathname-based access control system. * Secur...)
 
Line 3: Line 3:
=== Access Control ===
=== Access Control ===


* Linux Security Modules (LSM), the API for access control frameworks.
* [http://vger.kernel.org/vger-lists.html#linux-security-module Linux Security Modules (LSM)], the API for access control frameworks  
* AppArmor, a pathname-based access control system.  
* AppArmor, a pathname-based access control system.  
* Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.  
* Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.  
Line 10: Line 10:
* grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).  
* grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).  
* RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.  
* RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.  
* FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.  
* FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.
 


=== Integrity ===
=== Integrity ===

Revision as of 12:29, 9 April 2012

Kernel Security Projects

Access Control

  • Linux Security Modules (LSM), the API for access control frameworks
  • AppArmor, a pathname-based access control system.
  • Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.
  • SMACK, the Simplified Mandatory Access Control Kernel for Linux.
  • TOMOYO, another pathname-based access control system (LiveCD available).
  • grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).
  • RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.
  • FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.

Integrity

This is a rapidly developing area, see the following LWN article for an overview:

  • System integrity in Linux.


Privileges

  • POSIX File Capabilities
    • Filesystem capabilities in Fedora 10 LWN article.


Networking

There are several separately maintained projects relating to network security, including:

  • Netfilter packet filtering.
  • Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog.
  • NuFW authenticating firewall based on netfilter


Storage

  • Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.


Cryptography

The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.