An introduction to AppArmor

Apparmor

Cyber attacks are becoming more sophisticated, attack frequency is on the rise, and the cost of cybercrime damage is projected to reach $6 trillion annually by 2021. Traditional defensive measures such as firewalls and intrusion detection systems that operate at the network perimeter are no longer enough to protect today’s distributed enterprise networks. Rather, a ‘defence in depth’ approach is required in order to protect all facets of an organisation’s digital infrastructure.

In an ideal world, applications would be free from security vulnerabilities but, once compromised, even a trusted application can become untrustworthy. AppArmor provides a crucial layer of security around applications. By providing the capability to whitelist an application’s permissible actions, AppArmor enables administrators to apply the principle of least privilege to applications. Once in place, AppArmor can halt attacks and minimise or prevent damage in the event of a breach.

This whitepaper provides a technical introduction to AppArmor, including:

  • Why a ‘defence in depth’ strategy should be employed to mitigate the potential damage caused by a breach
  • An explanation of AppArmor, its key features and why the principle of least privilege is recommended
  • The use of AppArmor in Ubuntu and snaps

In submitting this form, I confirm that I have read and agree to Canonical’s Privacy Notice and Privacy Policy.

Ubuntu cloud

Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.

Newsletter signup

Select topics you’re
interested in

In submitting this form, I confirm that I have read and agree to Canonical’s Privacy Notice and Privacy Policy.

Related posts

Useful security software from the Snap Store

Overall, most Linux distributions offer sane, reasonable defaults that balance security and functionality quite well. However, most of the security mechanisms are transparent, running in the background, and you still might require some additional, practical software …

Jupyter looks to distro-agnostic packaging for the democratisation of installation

When users of your application range from high school students to expert data scientists, it’s often wise to avoid any assumptions about their system configurations. The Jupyter Notebook is popular with a diverse user base, enabling …

Enhanced Livepatch desktop integration available with Ubuntu 18.04.3 LTS

Ubuntu 18.04.3 LTS has just been released. For the Desktop, newer stable versions of GNOME components have been included, as well as a new feature – Livepatch desktop integration. As usual with LTS point releases, the …