Projects

From Linux Kernel Security Subsystem

Revision as of 21:59, 8 October 2012 by KeesCook (talk | contribs) (→‎Kernel Security Projects)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Kernel Security Projects

Access Control

Linux Security Modules (LSM), the API for access control frameworks
AppArmor, a pathname-based access control system
Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework
Smack, the Simplified Mandatory Access Control Kernel for Linux
TOMOYO, another pathname-based access control system (LiveCD available)
grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...)
Rule Set Based Access Control (RSBAC), Linux kernel patch implementing a security framework
FBAC-LSM aims to provide easy to configure (functionality-based) application restrictions
Yama adds restrictions to ptrace, providing a programmatic way to declare relationships between processes

Integrity

This is a rapidly developing area, see the following LWN article for an overview:

System integrity in Linux

Privileges

POSIX File Capabilities
- Filesystem capabilities in Fedora 10 LWN article

Networking

There are several separately maintained projects relating to network security, including:

Netfilter packet filtering
Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog
NuFW authenticating firewall based on Netfilter

Storage

Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol
dm-verity, a device mapper target for efficient, integrity-assured block devices

Cryptography

The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.

Working Group

Linux Security Workgroup

Retrieved from "http://kernsec.org/wiki/index.php?title=Projects&oldid=3412"