Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or the other. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files such as Filesystem Capabilities, or user data like mime type and search keywords.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
PLIB is a set of libraries to write games and other realtime interactive applications that are 100% portable across a wide range of hardware and operating systems. It's used by Majik3D, FlightGear, and others, and includes libraries for GUI widgets, sound replay, geometry, scene graph, joystick, and fonts/text.
RFC 2015 defines a proposed Internet standard for sending PGP-encrypted email. This PGP/MIME has been incorporated into several MUAs such as Mutt and (with the AEGYPTEN project) KMail. However, a lot of email clients still don't support it. pgp-mime-handler can decrypt/verify such messages via a pipe, so it can be used as an email filter in many programs or scripts.
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitates their use in security applications such as authentication, mail encryption, and digital signatures. OpenSC implements the PKCS#11 API so that applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card, OpenSC implements the PKCS#15 standard, and aims to be compatible with every software/card that does so.
The Aegis VM Project is an ongoing effort to develop a lightweight, secure virtual machine for executing Java bytecode. The VM is intended to be an extension framework for applications or devices that dynamically load and execute untrusted extensions. The Aegis VM will eventually feature a modular bytecode verification architecture, Proof Linking, which supports pluggable verification modules so that various static verification or analysis technologies can be integrated into the VM's dynamic linking process with minimal efforts. This benefit is achieved by allowing verification sessions to communicate with each other only through explicit formulation of proof obligations, the discharging of which is scheduled to happen at specific points of the dynamic linking process to protect the integrity of the VM. A generic framework for formulating, scheduling, and discharging proof obligations is built into the VM.
The iiitAccessServer is a rule-based enterprise authorization system written in Java. It works as a server and is usable with any programming language able to open a socket. The server fetches its data from LDAP and stores it in optimized form in one or more MySQL databases, used as a persistent 2nd-level cache to achieve high performance. The entire system is designed to be scalable and fault-tolerant.