In-kernel Security
| Kernel Name | File access control | Disable memory execution support | Kernel ASLR | Mandatory access control | Capability-based security | In-kernel key management | Audit API | Sandbox | SYN flood protection | UDP flood protection | Ping flood protection | Smurf attack protection | Network Behavior Analysis |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Linux Kernel | Traditional Unix permissions, POSIX ACL | Yes | Yes | LSM(SELinux, SMACK, TOMOYO Linux, AppArmor) | Yes | keyctl | fanotify | SELinux Sandbox, seccomp, KVM | SYN cookies | No? | No? | No? | No |
| FreeBSD Kernel | Traditional Unix permissions, POSIX and NFSv4 ACL | Yes | ? | TrustedBSD MAC | Capsicum | ? | OpenBSM | Capsicum | SYN cookies | ? | ? | ? | ? |
| Solaris Kernel | Traditional Unix permissions, POSIX ACL, NFSv4 ACL | Default | ? | Solaris Trusted Extensions | ? | ? | ? | ? | ? | ? | ? | ? | ? |
| Windows NT kernel | Access control list | DEP | Yes | Mandatory Integrity Control | ? | ? | ? | ? | ? | ? | ? | ? | ? |
| XNU | Traditional Unix permissions, access control list | Yes | Yes | TrustedBSD MAC | ? | ? | OpenBSM | Apple XNU Sandbox | ? | ? | ? | ? | ? |
Read more about this topic: Comparison Of Operating System Kernels
Famous quotes containing the word security:
“A well-regulated militia being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.”
—Second Amendment, U.S. Constitution (1791)