| 1 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> |
| 2 |
<html lang="en-US"> |
| 3 |
<head> |
| 4 |
<title>TOMOYO Linux About Page</title> |
| 5 |
<meta http-equiv="content-type" content="text/html; charset=UTF-8"> |
| 6 |
<meta http-equiv="content-style-type" content="text/css"> |
| 7 |
<link rel="stylesheet" href="/media/tomoyolinux.css" media="all" type="text/css"> |
| 8 |
</head> |
| 9 |
|
| 10 |
<body> |
| 11 |
|
| 12 |
<div id="titlebar"> |
| 13 |
<img src="/media/tomoyotitle.png" alt="tomoyotitle.png" width="320" height="40" border="0" align="left"> |
| 14 |
</div> |
| 15 |
|
| 16 |
<div id="navbar" class="tomoyo-about"> |
| 17 |
<ul id="navbarlist"> |
| 18 |
<li id="tomoyo-home"><a href="/index.html.en" title="TOMOYO Linux Home Page">Home</a></li> |
| 19 |
<li id="tomoyo-about"><a href="/about.html.en" title="About TOMOYO Linux">About</a></li> |
| 20 |
<li id="tomoyo-download"><a href="/download.html.en" title="Get TOMOYO Linux">Download</a></li> |
| 21 |
<li id="tomoyo-changelog"><a href="/changelog.html.en" title="TOMOYO Linux ChangeLog">ChangeLog</a></li> |
| 22 |
<li id="tomoyo-documentation"><a href="/documentation.html.en" title="Official Documentation">Documentation</a></li> |
| 23 |
<li id="tomoyo-links"><a href="/links.html.en" title="Useful links">Links</a></li> |
| 24 |
<li id="tomoyo-support"><a href="/support.html.en" title="Support information">Support</a></li> |
| 25 |
</ul> |
| 26 |
</div> |
| 27 |
|
| 28 |
<div id="content"> |
| 29 |
|
| 30 |
<div id="about"> |
| 31 |
|
| 32 |
<h3>About TOMOYO Linux</h3> |
| 33 |
|
| 34 |
<p>TOMOYO Linux is a Mandatory Access Control (MAC) implementation for Linux that can be used to increase the security of a system, while also being useful purely as a system analysis tool. It was launched in March 2003 and is sponsored by <a href="http://www.nttdata.co.jp/en/">NTT DATA Corporation</a>, Japan.</p> |
| 35 |
|
| 36 |
<p>TOMOYO Linux focuses on the behaviour of a system. Every process is created to achieve a purpose, and like an immigration officer, TOMOYO Linux allows each process to declare behaviours and resources needed to achieve their purpose. When protection is enabled, TOMOYO Linux acts like an operation watchdog, restricting each process to only the behaviours and resources allowed by the administrator.</p> |
| 37 |
|
| 38 |
<p><strong>TOMOYO Linux 1.x</strong> is the original branch of development, which was first released on 11th November 2005 under the GNU GPL. It was implemented as a patch that can be applied to the Linux kernel and is still in active development.</p> |
| 39 |
|
| 40 |
<p><strong>TOMOYO Linux 2.x</strong> is the Linux mainline kernel branch of development. In June 2009, a subset of TOMOYO functionality was merged into the Linux kernel 2.6.30 and makes use of standard Linux Security Module (LSM) hooks. However, the LSM hooks must be extended further in order to port the full MAC functionality of TOMOYO Linux 1.x into the Linux kernel. Thus, it does not yet provide equal functionality with the 1.x branch of development. <a href="/comparison.html.en">This chart</a> compares the differences between each branch.</p> |
| 41 |
|
| 42 |
<h3>What can TOMOYO Linux be used for?</h3> |
| 43 |
|
| 44 |
<p>In a normal operating system (OS), every application is unmonitored and it is difficult to determine what is happening in a system:</p> |
| 45 |
<p><img src="/media/disabled.png" alt="disabled.png" width="500" height="350" style="border:2px solid #000000"></p> |
| 46 |
|
| 47 |
<p>If TOMOYO Linux is introduced, each application can be monitored to determine exactly what it is doing and a policy configuration can be automatically generated.</p> |
| 48 |
|
| 49 |
<p>Every action that an application performs is automatically appended to an Access Control List (ACL). Browsing this list can allow a precise understanding of what each application is doing:</p> |
| 50 |
<p><img src="/media/permissive.png" alt="permissive.png" width="500" height="350" style="border:2px solid #000000"></p> |
| 51 |
|
| 52 |
<p>TOMOYO Linux can therefore be used as a system analysis tool, which can aid in:</p> |
| 53 |
<ul> |
| 54 |
<li>debugging applications</li> |
| 55 |
<li>understanding the behaviour of a Linux system</li> |
| 56 |
<li>writing documentation</li> |
| 57 |
</ul> |
| 58 |
|
| 59 |
<p>If protection is enabled, TOMOYO Linux uses Mandatory Access Control to restrict each application to do only what the administrator has allowed it to do:</p> |
| 60 |
|
| 61 |
<p><img src="/media/enforcing.png" alt="enforcing.png" width="500" height="350" style="border:2px solid #000000"></p> |
| 62 |
|
| 63 |
<p>TOMOYO Linux can therefore be used as a system restriction tool, which can aid in:</p> |
| 64 |
<ul> |
| 65 |
<li>restricting services such as SSH and Apache</li> |
| 66 |
<li>restricting system administrator operations</li> |
| 67 |
<li>creating per-application networking firewalls</li> |
| 68 |
<li>reducing damage caused by buffer overflows and other security exploits</li> |
| 69 |
<li>deploying a honeypot system</li> |
| 70 |
</ul> |
| 71 |
|
| 72 |
</div><!-- about --> |
| 73 |
|
| 74 |
</div><!-- content --> |
| 75 |
|
| 76 |
<div id="footer"> |
| 77 |
<p class="timestamp">Last modified: $Date$</p> |
| 78 |
<p class="trademark">Linux�� is a registered trademark of Linus Torvalds world-wide. TOMOYO�� is a registered trademark of <a href="http://www.nttdata.co.jp/en/">NTT DATA Corporation</a>.</p> |
| 79 |
</div> |
| 80 |
|
| 81 |
</body> |
| 82 |
</html> |
TOMOYO
Parent Directory
Revision Log