KBlare is a Linux security module aiming to provide a framework for distributed intrusion detection based on taint marking. As shown in the picture below, it is able to detect privacy violations as well as malware and intrusions. We do not enforce any policy; we only raise alerts in case of illegal behavior. We do not provide any default policy with KBlare yet (but we do with AndroBlare), though this may change in future releases. The policy is defined by the system administrator via userspace tools (see below).
As shown in green in the picture below, we focus on information flow tracking and on detecting information flow violations with respect to a (user-defined) security policy. With this approach, examples of what we are able to detect include malware and privacy violations, as shown in blue.
The policy is specified by the system administrator, and may also be checked using formal methods and/or enforced, as represented in gray. However, we have not (yet) worked on this part.
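The following is an added toy model of the taint-marking idea described above (it is not KBlare's code and does not use its data structures or userspace tools): containers carry sets of information tags, every flow propagates tags by union, and each destination is then checked against an administrator-defined policy. The container names, tag names and policy are constructed for the example; as in KBlare, a violation only produces an alert and is never blocked.

```python
# Toy model of taint-marking information flow control (assumed, not KBlare's code).
# Every container (file, process, socket) carries the set of information
# identifiers whose data it may hold traces of. A flow propagates tags from
# source to destination; the policy lists which identifiers each container
# is legally allowed to carry. Violations are reported, never blocked.

ALERTS = []  # (container name, illegal tags) tuples raised so far


class Container:
    def __init__(self, name, tags=()):
        self.name = name
        self.tags = set(tags)  # information identifiers currently carried


def flow(src, dst, policy):
    """Model an information flow src -> dst (a read, write, send, ...).

    Tags propagate by union, then dst is checked against the policy.
    Returns the sorted list of tags dst is not allowed to carry (empty if legal).
    """
    dst.tags |= src.tags
    allowed = policy.get(dst.name, set())  # unknown containers may carry nothing
    illegal = sorted(dst.tags - allowed)
    if illegal:
        ALERTS.append((dst.name, illegal))  # alert only, no enforcement
    return illegal


def privacy_scenario():
    """Constructed example: contacts data leaking from an app to the network."""
    contacts = Container("/data/contacts.db", tags={"contacts"})
    app = Container("proc:app")
    sock = Container("socket:net")
    # Admin-defined policy (constructed): the app may see contacts,
    # but the network socket may only ever carry public information.
    policy = {
        "/data/contacts.db": {"contacts"},
        "proc:app": {"contacts", "public"},
        "socket:net": {"public"},
    }
    first = flow(contacts, app, policy)  # legal read: [] returned
    second = flow(app, sock, policy)     # privacy violation: ["contacts"]
    return first, second
```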
See the guides for details about installing and using KBlare.