TOMOYO Linux
TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux operating systems. Despite its name, it is not a Linux distribution.
Overview
TOMOYO Linux is a MAC implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and is sponsored by NTT Data Corporation, Japan.
TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and, like an immigration officer, TOMOYO Linux allows each process to declare the behaviours and resources it needs to achieve that purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.
Features
The main features of TOMOYO Linux include:
- System analysis
- Increased security through Mandatory Access Control
- Automatic policy generation
- Simple syntax
- Ease of use
History and versions
TOMOYO Linux has recently been merged into the mainline Linux kernel, version 2.6.30 (June 10, 2009); it is currently one of three standard LSM modules, along with SELinux and SMACK.
The TOMOYO Linux project started as a patch for the Linux kernel to provide MAC functionality. Porting TOMOYO Linux to the mainline Linux kernel required the introduction of new hooks into the Linux Security Modules (LSM), which had been designed and developed specifically to support SELinux and its label-based approach.
However, more hooks are needed to port all the remaining MAC functionality of TOMOYO Linux to the mainline version. Consequently, the project is following two parallel development lines:
- TOMOYO Linux 1.x, original version
  - uses purposely created non-standard hooks
  - fully featured MAC
  - released as a patch for the Linux kernel; since version 1.x does not depend on LSM, it can be used with Linux kernel 2.6 (starting from version 2.6.11) as well as 2.4
  - latest version: 1.7.1
- TOMOYO Linux 2.x, mainline version
  - uses standard LSM hooks
  - currently providing only MAC for files
  - integral part of Linux kernel version 2.6.30
  - latest version: 2.2.0
Check the detailed differences in the Comparison chart of 1.x and 2.x.