Projects

From Linux Kernel Security Subsystem
(Difference between revisions)
(New page: == Kernel Security Projects == === Access Control === * Linux Security Modules (LSM), the API for access control frameworks. * AppArmor, a pathname-based access control system. * Secur...)
 
(Access Control)
Line 3: Line 3:
 
=== Access Control ===
 
=== Access Control ===
  
* Linux Security Modules (LSM), the API for access control frameworks.
+
* [http://vger.kernel.org/vger-lists.html#linux-security-module Linux Security Modules (LSM)], the API for access control frameworks  
 
* AppArmor, a pathname-based access control system.  
 
* AppArmor, a pathname-based access control system.  
 
* Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.  
 
* Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.  
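Review bot: the added LSM line (the `+` entry at the top of this hunk) drops the trailing period that the unchanged AppArmor and SELinux entries below it still carry; restore it so the list stays consistent. The new link target is the vger mailing-list index (vger-lists.html#linux-security-module), but the link text is still only the project name, so consider wording the entry to show that the link leads to the mailing list.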
Line 10: Line 10:
 
* grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).  
 
* grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).  
 
* RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.  
 
* RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.  
* FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.  
+
* FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.
 
+
  
 
=== Integrity ===
 
=== Integrity ===

Revision as of 12:29, 9 April 2012


Kernel Security Projects

Access Control

  • Linux Security Modules (LSM), the API for access control frameworks
  • AppArmor, a pathname-based access control system.
  • Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.
  • SMACK, the Simplified Mandatory Access Control Kernel for Linux.
  • TOMOYO, another pathname-based access control system (LiveCD available).
  • grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).
  • RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.
  • FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.

Integrity

This is a rapidly developing area; see the following LWN article for an overview:

  • System integrity in Linux.


Privileges

  • POSIX File Capabilities
    • Filesystem capabilities in Fedora 10 (LWN article).


Networking

There are several separately maintained projects relating to network security, including:

  • Netfilter packet filtering.
  • Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK; see Paul Moore's blog.
  • NuFW, an authenticating firewall based on netfilter.


Storage

  • Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.


Cryptography

The cryptographic subsystem is maintained separately by Herbert Xu; refer to the mailing list.
