Kernel Security Projects
- Linux Security Modules (LSM), the API for access control frameworks.
- AppArmor, a pathname-based access control system.
- Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.
- SMACK, the Simplified Mandatory Access Control Kernel for Linux.
- grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).
- RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.
- FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.
This is a rapidly developing area, see the following LWN article for an overview:
There are several separately maintained projects relating to network security, including:
- Netfilter packet filtering.
- Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog.
- NuFW authenticating firewall based on netfilter
- Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.
There are several related works-in-progress in this area:
The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.