systrace for linux

systrace for linux

[Niels Provos]

Hi,

Marius A. Eriksen just finished the Linux port of systrace.  You can
find the kernel patch at

  http://www.citi.umich.edu/u/provos/systrace/linux.html

Systrace is a fine grained sandbox for applications and system services.
It supports interactive policy generation, intrusion detection, policy
enforcement, privilege elevation, etc.  More information at

  http://www.citi.umich.edu/u/provos/systrace/

Comments are appreciated.

Niels.

Re: systrace for linux

[Karim Yaghmour]

Hello Niels,

This is the sort of facility which can easily go on top of the existing
LTT infrastructure (http://www.opersys.com/LTT) since most of the events
you need are already cleanly caught by LTT. If we'd reintegrate the
event callback mechanisms we removed on Ingo Molnar's request (albeit
exporting them as GPLonly this time), systrace would then be easily
maintained as a loadable kernel module. In addition, since LTT already
has appropriate hooks for 6 architectures, systrace would immediately
become available on those archs (i386, PPC, S/390, ARM, MIPS, SH).

Karim

Niels Provos wrote:
> Marius A. Eriksen just finished the Linux port of systrace.  You can
> find the kernel patch at
> 
>   http://www.citi.umich.edu/u/provos/systrace/linux.html
> 
> Systrace is a fine grained sandbox for applications and system services.
> It supports interactive policy generation, intrusion detection, policy
> enforcement, privilege elevation, etc.  More information at
> 
>   http://www.citi.umich.edu/u/provos/systrace/
> 
> Comments are appreciated.

===================================================
                 Karim Yaghmour
               karim@opersys.com
      Embedded and Real-Time Linux Expert
===================================================