The Trusted Debian project aims to create a highly secure but usable Linux platform. To accomplish this, the project will use currently available security solutions for Linux (like kernel patches, compiler patches, security related programs and techniques) and knit these together to a highly secure Linux platform.

The main focus of release 1.0 has been on fixing many (but not all) buffer overflow problems. Buffer overflows have been a popular way to break system security for years. A large portion of the Linux exploits found on the Internet today involve buffer overflows.

Trusted Debian is the first project to add this kind of protection to a major Linux distribution. There is no other UNIX system which adds the same kind of protection against buffer overflows and at the same time protects against some less well-known or even some unknown problems. Except for OpenBSD, but it falls short in the level of protection it provides. The protection added by Trusted Debian is not new. It is based on several products which have been available for a considerable time now. Yet hardly anyone ever looked at them because they could only be used by technical experts. Trusted Debian makes this technology available for a wide user community.


The first product used by the Trusted Debian project is PaX. PaX is a Linux kernel add-on which offers applications several protection mechanisms against certain buffer overflow attacks.

Trusted Debian also ships with RSBAC, an extensive access control framework which will play an important role in future releases. And FreeS/WAN, which is able to encrypt all TCP/IP communication between two machines and can therefore be used for setting up VPNs or securing wireless LAN communication, among other things.