Projects

From Linux Security Wiki

Contents 1 Kernel Security Projects 1.1 Access Control 1.2 Integrity 1.3 Privileges 1.4 Networking 1.5 Storage 1.6 Anti-Malware 1.7 Cryptography

Kernel Security Projects

Access Control

• Linux Security Modules (LSM), the API for access control frameworks.

• AppArmor, a pathname-based access control system.

• Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.

• SMACK, the Simplified Mandatory Access Control Kernel for Linux.

• TOMOYO, another pathname-based access control system (LiveCD available).

• grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...)

• RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework

Integrity

This is a rapidly developing area, see the following LWN article for an overview:

• System integrity in Linux.

Privileges

• POSIX File Capabilities
  • Filesystem capabilities in Fedora 10 LWN article.

Networking

There are several separately maintained projects relating to network security, including:

• Netfilter packet filtering.

• Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog.

• NuFW authenticating firewall based on netfilter

Storage

• Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.

Anti-Malware

There are several related works-in-progress in this area:

• fsnotify

• TALPA

• DazukoFS

Cryptography

The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.