Goal: State-of-the-art security

Services default to secure setting
Insecure services disabled by default
IPsec
Eliminate set_id kmem grovellers by providing kernel APIs
Audit kernel and userland code