From Linux Security Wiki (obsolete)
Revision as of 03:58, 13 August 2010 by Z.cliffe.schreuders (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Kernel Security Projects

Access Control

  • AppArmor, a pathname-based access control system.
  • SMACK, the Simplified Mandatory Access Control Kernel for Linux.
  • TOMOYO, another pathname-based access control system (LiveCD available).
  • grsecurity, extensive security enhancement patch for the Linux kernel (RBAC, chroot hardening, auditing, stack/heap protection randomization and more...).
  • RSBAC: Rule Set Based Access Control, Linux kernel patch implementing a security framework.
  • FBAC-LSM: aims to provide easy to configure (functionality-based) application restrictions.


This is a rapidly developing area, see the following LWN article for an overview:



There are several separately maintained projects relating to network security, including:

  • Labeled Networking, including NetLabel, CIPSO, Labeled IPsec and SECMARK, see Paul Moore's blog.
  • NuFW authenticating firewall based on netfilter


  • Labeled NFS, a project to add MAC labeling support to the NFSv4 protocol.


There are several related works-in-progress in this area:


The cryptographic subsystem is maintained separately by Herbert Xu, refer to the mailing list.

Personal tools