FBAC-LSM is a security mechanism for Linux which retricts applications based on the features they provide, such as "Web Browser" or "Image Editor". By restricting the actions of applications, the damage which can be caused by malware or software vulnerabilities can be significantly reduced. Reusable policy abstractions, known as functionalities, can be used to grant the authority to perform high level features (for example using the Web_Browser functionality) or lower level features (such as using the HTTP_Client functionality) or to grant privileges to access any specified resources. Functionalities are parameterized, which allows them to be adapted to the needs of specific applications. Functionalities are also hierarchical; that is, functionalities can contain other functionalities.
|Tags||Security sandbox restriction access control|
|Operating Systems||Opensuse Linux Linux|
|Implementation||C C++ Qt 4 Linux Security Module LSM|
Release Notes: This is the first release. FBAC-LSM is currently in the early stages of development. It is functional but unstable, and developed against previous versions of the Linux kernel.