WhiteEgret: New Linux Security Module For Execution Whitelisting
WhiteEgret is the name of a new Linux Security Module (LSM) in-development by Toshiba for being able to limit what your system can execute via a whitelist.
Masanobu Koike of Toshiba has described of WhiteEgret:
WhiteEgret prides itself on an easy setup process, shortened downtime, less restrictions on the operational environment, and more.
This new Linux Security Module is just over two thousand lines of new code and is currently available for review via the kernel mailing list. More details via the patch series.
Masanobu Koike of Toshiba has described of WhiteEgret:
An execution-whitelist, simply called whitelist, is a list of executable components (e.g., applications, libraries) that are approved to run on a host. The whitelist is used to decide whether executable components are permitted to execute or not. This mechanism can stop an execution of unknown software, so it helps to stop the execution of malicious code and other unauthorized software. The whitelisting-type execution control works best in the execution environments that are not changed for a long time, for example, servers and control devices in industrial control systems. This RFC provides a whitelisting-type execution control implementation WhiteEgret.
WhiteEgret prides itself on an easy setup process, shortened downtime, less restrictions on the operational environment, and more.
This new Linux Security Module is just over two thousand lines of new code and is currently available for review via the kernel mailing list. More details via the patch series.
10 Comments