WhiteEgret: New Linux Security Module For Execution Whitelisting

Written by Michael Larabel in Linux Security on 30 May 2017 at 10:36 AM EDT. 10 Comments
LINUX SECURITY
WhiteEgret is the name of a new Linux Security Module (LSM) in-development by Toshiba for being able to limit what your system can execute via a whitelist.

Masanobu Koike of Toshiba has described of WhiteEgret:
An execution-whitelist, simply called whitelist, is a list of executable components (e.g., applications, libraries) that are approved to run on a host. The whitelist is used to decide whether executable components are permitted to execute or not. This mechanism can stop an execution of unknown software, so it helps to stop the execution of malicious code and other unauthorized software. The whitelisting-type execution control works best in the execution environments that are not changed for a long time, for example, servers and control devices in industrial control systems. This RFC provides a whitelisting-type execution control implementation WhiteEgret.

WhiteEgret prides itself on an easy setup process, shortened downtime, less restrictions on the operational environment, and more.

This new Linux Security Module is just over two thousand lines of new code and is currently available for review via the kernel mailing list. More details via the patch series.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week