Projects

From Linux Kernel Security Subsystem
(Difference between revisions)
(Access Control)
(Access Control)
Line 4: Line 4:
  
 
* [http://vger.kernel.org/vger-lists.html#linux-security-module Linux Security Modules (LSM)], the API for access control frameworks  
 
* [http://vger.kernel.org/vger-lists.html#linux-security-module Linux Security Modules (LSM)], the API for access control frameworks  
* AppArmor, a pathname-based access control system.
+
* [http://www.novell.com/linux/security/apparmor/ AppArmor], a pathname-based access control system  
* Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.
+
* [http://selinuxproject.org/page/Main_Page Security Enhanced Linux (SELinux)], a flexible and fine-grained MAC framework  
* SMACK, the Simplified Mandatory Access Control Kernel for Linux.
+
* [http://www.schaufler-ca.com/ Smack], the Simplified Mandatory Access Control Kernel for Linux  
* TOMOYO, another pathname-based access control system (LiveCD available).
+
* [http://tomoyo.sourceforge.jp/ TOMOYO], another pathname-based access control system (LiveCD available)  
* grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).
+
* [http://grsecurity.net/features.php grsecurity], extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...)  
* RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.
+
* [http://www.rsbac.org/why Rule Set Based Access Control (RSBAC)], Linux kernel patch implementing a security framework  
* FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.
+
* [http://schreuders.org/FBAC-LSM FBAC-LSM] aims to provide easy to configure (functionality-based) application restrictions
  
 
=== Integrity ===
 
=== Integrity ===
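
Review bot: the last added item, FBAC-LSM, breaks the pattern the other new entries follow ("[link], a description"): it reads "[http://schreuders.org/FBAC-LSM FBAC-LSM] aims to provide ..." with no comma after the link. Suggest "[http://schreuders.org/FBAC-LSM FBAC-LSM], which aims to provide ..." or rewording it as a noun phrase like the rest of the list. The link text for Smack also changes capitalization from "SMACK" to "Smack" while the description still expands it as an acronym, so it is worth confirming which form the page should use. All added external links use plain http://; where a site also serves https, link to that instead.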

Revision as of 12:32, 9 April 2012

Kernel Security Projects

Access Control

Integrity

This is a rapidly developing area; see the following LWN article for an overview:

  • System integrity in Linux.


Privileges

  • POSIX File Capabilities
    • Filesystem capabilities in Fedora 10 LWN article.


Networking

There are several separately maintained projects relating to network security, including:

  • Netfilter packet filtering.
  • Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK; see Paul Moore's blog.
  • NuFW, an authenticating firewall based on netfilter.


Storage

  • Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.


Cryptography

The cryptographic subsystem is maintained separately by Herbert Xu; refer to the mailing list.
