Top : Computers : Software : Operating Systems : Linux : Security :
Kernel
Websites
The Flask operating system security architecture provides flexible support for security policies. The architecture has previously been implemented in two research operating systems, Mach and Fluke, and is now being implemented in the Linux kernel.
site exerpt
Flask: Flux Advanced Security Kernel Flask is an operating system security architecture that provides flexible support for security policies. The architecture was prototyped in the Fluke research operating system. Several of the Flask interfaces and components were then ported from the Fluke prototype to the...Grsecurity is an extensive set of security patches to the 2.4 tree of Linux kernels. The goal of the project is to create the most secure system possible while requiring minimum configuration changes.
site exerpt
grsecurity It offers among many other features:An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configurationChange root (chroot) hardening/tmp race preventionExtensive auditingPrevention of entire classes of exploits related to...The site provides a patch for extended attributes and access control lists for Linux kernel.
site exerpt
Extended attributes and ACLs for Linux This site hosts extended attribute and access control list kernel patches for the 2.4 kernel series (ext2, ext3, nfs) and for the 2.6 kernel series (nfs The 2.6 kernel already includes support for ext2, ext3, jfs and xfs. A few...The Linux Encryption-HOWTO seeks to describe all major development activities around Linux that provide encryption features to the kernel.
site exerpt
The Linux Encryption HOWTO Homepage Making available a web location to refer to when it comes to telling people where to find it. The latest version of the HOWTO is v0.2.2 (Oct 04, 2000) and is available here as tarred HTML, DVI or SGML Source....The main aim of the project is to introduce Mandatory Access Control (MAC) mechanism into Linux, based on capabilities, filesystem access domains, IP labeling lists and socket access control.
site exerpt
LinSec About Linux native capability model to allow fine grained delegation of individual capabilities to both users and programs on the system. No more allmighty root! Filesystem Access Domain subsystem allows restriction of accessible filesystem parts for both individual users and programs....The Linux Security Modules (LSM) project provides a lightweight, general purpose framework for access control. The LSM framework allows access control models to be implemented as loadable kernel modules. LSM is the only Secure Linux project that has a chance of being included into a mainstream OS kernel (supposedly 2.5).
site exerpt
Linux Security Module The struct sock security label is now called sk_security. Also, updated early init patch. Patch 2.5.70-lsm1 Tue Jun 2, 2003 A 2.5.70 patch has been released. Includes reworked SELinux module, DTE updates, initial merge of TPE, and first rev of...Medusa DS9 is a project to enhance the security of Linux kernel, which implements the ZP Security Framework. The main goal of a project is to implement a framework for implementation of any security model (unlike other secure Linux kernel projects).
site exerpt
Medusa DS9 Security System Concepts the first thing you should read Progress and plans the actual state of project README file from the current stable release Change log of the latest stable release Download area (or FTP link) CVS repository Mailing list archive it's...RSBAC is another MAC kernel security enhancement project for Linux. The standard package includes a range of access control models like MAC, RC, ACL. Additionally, the runtime registration facility (REG) makes it easy to implement your own access control model as a kernel module and get it registered at runtime.
site exerpt
home [RSBAC: Extending Linux Security Beyond the Limits] Includes vanilla kernel with the RSBAC patch 2.6.14 2.4.32 Enhanced kernels Kernels including latest security fixes, goodies, and of course PaX+RSBAC 2.6.14 (20051114) 2.4.32 (20051122) SVN Cutting edge RSBAC source code, can be unstable sometimes Events No events planned 1.2.6pre1...Stiksecmod is another loadable kernel module (LKM) to offer labeling, privileges, and auditing for Linux. The project seems to be in early stages of development (alpha code).
site exerpt
Module is to provide a vehicle for the creation of label based security policies. The module is implemented for the Linux 2.4.x kernels. Click here to download...