Projects
From Linux Security Wiki (obsolete)
(Difference between revisions)
JamesMorris (Talk | contribs) (→Access Control) |
JamesMorris (Talk | contribs) |
||
Line 12: | Line 12: | ||
* [http://tomoyo.sourceforge.jp/ TOMOYO]. | * [http://tomoyo.sourceforge.jp/ TOMOYO]. | ||
+ | |||
=== Integrity === | === Integrity === | ||
Line 18: | Line 19: | ||
* [http://lwn.net/Articles/309441/ System integrity in Linux]. | * [http://lwn.net/Articles/309441/ System integrity in Linux]. | ||
+ | |||
+ | |||
+ | === Privileges === | ||
+ | |||
+ | * [http://www.friedhoff.org/posixfilecaps.html POSIX File Capabilities] | ||
Revision as of 02:55, 8 January 2009
Contents |
Kernel Security Projects
Access Control
- Linux Security Modules (LSM), the API for access control frameworks.
- AppArmor, a pathname-based access control system.
- Security Enhanced Linux (SELinux), a flexible and fine-grained MAC framework.
- SMACK, the Simplified Mandatory Access Control Kernel for Linux.
Integrity
This is a rapidly developing area, see the following LWN article for an overview:
Privileges
Networking
There are several separately maintained projects relating to network security, including:
- Netfilter packet filtering.
- Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog.
Storage
- Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.
Anti-Malware
There are several related works-in-progress in this area:
Crypto
The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.