This is a list of

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

s specifically focused on

security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...

. Operating systems for general-purpose usage may be secure without having a specific focus on security. Similar concepts include security-evaluated operating systems that have achieved certification from an

auditing An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing ...

organization, and

trusted operating system Trusted Operating System (TOS) generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements. The most common set of criteria for tru ...

s that provide sufficient support for

multilevel security Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearan ...

and evidence of correctness to meet a particular set of requirements.

Linux

Android-based

* Android in general is very secure, having many security features such as taking advantage of SELinux and Verified Boot. * CalyxOS is a

free and open source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...

and

focused Android Custom

ROM Rom, or ROM may refer to: Biomechanics and medicine * Risk of mortality, a medical classification to estimate the likelihood of death for a patient * Rupture of membranes, a term used during pregnancy to describe a rupture of the amniotic sac * ...

* DivestOS is a

and

focused Android Custom

GrapheneOS GrapheneOS (formerly Android Hardening or AndroidHardening) is an Android-based, open source, privacy and security-focused mobile operating system for selected Google Pixel smartphones. History The main developer, Daniel Micay, originally ...

is an

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

and

focused Android Custom

Kali NetHunter Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for un-rooted devices (NetHunter Rootless), for rooted devices that have a standard recovery (NetHu ...

is a

Kali Linux Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. Kali Linux has around 600 penetration-testing programs (tools), including Armitage (a ...

based Android Custom

for

penetration testing A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. T ...

Debian-based

* Subgraph is a

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

-based operating system designed to be resistant to

surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as c ...

and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features that aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through

deterministic compilation Reproducible builds, also known as deterministic compilation, is a process of compiling software which ensures the resulting binary code can be reproduced. Source code compiled using deterministic compilation will always output the same binary. ...

. Subgraph OS features a kernel hardened with the Grsecurity and

PaX Pax or PAX may refer to: Peace * Peace (Latin: ''pax'') ** Pax (goddess), the Roman goddess of peace ** Pax, a truce term * Pax (liturgy), a salutation in Catholic and Lutheran religious services * Pax (liturgical object), an object formerly ki ...

patchset,

Linux namespaces Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources. The feature works by having the same nam ...

, and

Xpra xpra, abbreviated from X Persistent Remote Applications, is a set of software utilities that run X clients, typically on a remote host, and direct their display to the local machine without the X clients closing or losing any state in case the ne ...

for application containment, mandatory file system encryption using LUKS, resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the Tor anonymity network. * Tails is a security-focused Linux distribution aimed at preserving

and anonymity. It is meant to be run as Live-CD or from a USB Drive and to not write any kind of data to a drive, unless specified or persistence is set. That way, it lives in RAM and everything is purged from the system whenever it is powered off. Tails is designed to do an emergency shutdown and erase its data from

RAM Ram, ram, or RAM may refer to: Animals * A male sheep * Ram cichlid, a freshwater tropical fish People * Ram (given name) * Ram (surname) * Ram (director) (Ramsubramaniam), an Indian Tamil film director * RAM (musician) (born 1974), Dutch * ...

if the medium where it resides is expelled. *

Whonix Whonix (, ) is a Kicksecure–based security hardened Linux distribution. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", r ...

is an anonymous general purpose operating system based on

VirtualBox Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and Innotek VirtualBox) is a type-2 hypervisor for x86 virtualization developed by Oracle Corporation. VirtualBox was originally created by Innotek GmbH, which was acquired by ...

Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of D ...

and Tor. By Whonix design, IP and DNS leaks are impossible. Not even Malware as Superuser can find out the user's real IP address/location. This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, called Whonix-Gateway. The other machine, called Whonix-Workstation, is on a completely isolated network. It is also possible to use multiple Whonix Workstations simultaneously through one Gateway, that will provide stream isolation (though is not necessarily endorsed). All the connections are forced through Tor with the Whonix Gateway Virtual Machine, therefore IP and

DNS The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to ...

leaks are impossible.

Fedora-based

* Qubes OS is a desktop

based around the Xen

hypervisor A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is calle ...

that allows grouping programs into a number of isolated sandboxes (

virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...

s) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable, they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains

Gentoo-based

* Pentoo is a

Live CD A live CD (also live DVD, live disc, or live operating system) is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading fro ...

and Live USB designed for

and security assessment. Based on

Gentoo Linux Gentoo Linux (pronounced ) is a Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user's preferences and is often optimized for the ...

, Pentoo is provided both as 32 and 64-bit installable

live CD A live CD (also live DVD, live disc, or live operating system) is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading fro ...

. It is built on

Hardened Gentoo Gentoo Linux (pronounced ) is a Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user's preferences and is often optimized for th ...

linux including a hardened kernel and a toolchain. *

Tin Hat Linux This is a list of Gentoo Linux derivatives. Calculate Linux ChromiumOS and ChromeOS Container Linux (formerly CoreOS) FireballISO FireballISO (or "Fireball") is a VMware virtual appliance that builds a security-hardened Live CD con ...

is derived from

Linux. It aims to provide a very secure, stable, and fast

desktop A desktop traditionally refers to: * The surface of a desk (often to distinguish office appliances that fit on a desk, such as photocopiers and printers, from larger equipment covering its own area on the floor) Desktop may refer to various compu ...

environment that lives purely in

Other Linux distributions

Alpine Linux Alpine Linux is a Linux distribution designed to be small, simple and secure. Alpine Linux uses musl, BusyBox and OpenRC instead of the more commonly used glibc, GNU Core Utilities and systemd respectively.

is an actively maintained lightweight

musl musl is a C standard library intended for operating systems based on the Linux kernel, released under the MIT License. It was developed by Rich Felker with the goal to write a clean, efficient and standards-conformant libc implementation. O ...

and

BusyBox BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with in ...

-based distribution. It uses

and grsecurity patches in the default kernel and compiles all packages with

stack-smashing protection Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior ...

. * Annvix was originally forked from

Mandriva Mandriva S.A. was a public software company specializing in Linux and open-source software. Its corporate headquarters was in Paris, and it had development centers in Metz, France and Curitiba, Brazil. Mandriva, S.A. was the developer and maint ...

to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the

RSBAC Rule-set-based access control (RSBAC) is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). Features * Free open source GNU General Public License (GNU Ge ...

mandatory access control In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on a ...

system. Annvix is dormant, however, with the last version being released on 30 December 2007. * EnGarde Secure Linux is a secure platform designed for servers. It has had a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download. *

Immunix Immunix is a discontinued commercial operating system that provided host-based application security solutions. The last release of Immunix's Linux distribution was version 7.3 on November 27, 2003. Immunix, Inc. was the creator of AppArmor, an appl ...

was a commercial distribution of Linux focused heavily on security. They supplied many systems of their own making, including

StackGuard Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior ...

; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use. The Immunix distribution itself is licensed under two licenses: The Immunix commercial and non-commercial licenses. Many tools within are GPL, however, as is the kernel. *

Solar Designer Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the f ...

Openwall Project The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall patches and security extensions have been included into many major Linux distribut ...

(Owl) was the first distribution to have a non-executable

userspace A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...

stack, /tmp

race condition A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when one or more of t ...

protection, and

access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...

restrictions to /proc data, by way of a

kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learnin ...

patch Patch or Patches may refer to: Arts, entertainment and media * Patch Johnson, a fictional character from ''Days of Our Lives'' * Patch (''My Little Pony''), a toy * "Patches" (Dickey Lee song), 1962 * "Patches" (Chairmen of the Board song) ...

. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports

Blowfish Tetraodontidae is a family of primarily marine and estuarine fish of the order Tetraodontiformes. The family includes many familiar species variously called pufferfish, puffers, balloonfish, blowfish, blowies, bubblefish, globefish, swellfis ...

password encryption.

BSD-based

TrustedBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ope ...

is a sub-project of

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...

designed to add trusted operating system extensions, targeting the

Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...

for Information Technology Security Evaluation (see also Orange Book). Its main focuses are working on

access control list In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on giv ...

s, event auditing, extended attributes,

s, and fine-grained capabilities. Since access control lists are known to be confronted with the

confused deputy problem In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deput ...

, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x. *

OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project em ...

is a research operating system for developing security mitigations.

SELinux module

Security-Enhanced Linux Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space ...

(SELinux) is a module that may be incorporated into a Linux distribution.

Object-capability systems

These operating systems are all engineered around the object-capabilities security paradigm. Instead of the system deciding if an access request should be granted, the bundling authority and designation decides. *

CapROS Capability-based Reliable Operating System (CapROS) is an operating system incorporating pure capability-based security. It features automatic persistence of data and processes, even across system reboots. Capability systems naturally support th ...

EROS In Greek mythology, Eros (, ; grc, Ἔρως, Érōs, Love, Desire) is the Greek god of love and sex. His Roman counterpart was Cupid ("desire").''Larousse Desk Reference Encyclopedia'', The Book People, Haydock, 1995, p. 215. In the earli ...

Genode Genode is a free and open-source software operating system (OS) framework consisting of a microkernel abstraction layer and a set of user space components. The framework is notable as one of the few open-source operating systems not derived from ...

* Fiasco.OC *

KeyKOS KeyKOS is a persistent, pure capability-based operating system for the IBM S/370 mainframe computers. It allows emulating the environments of VM, MVS, and Portable Operating System Interface (POSIX). It is a predecessor of the Extremely Reliab ...

seL4 L4 is a family of second-generation microkernels, used to implement a variety of types of operating systems (OS), though mostly for Unix-like, ''Portable Operating System Interface'' (POSIX) compliant types. L4, like its predecessor microkernel ...

Solaris-based

* Trusted Solaris was a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...

, mandatory

, additional physical authentication devices, and fine-grained access control. Trusted Solaris is

certified. The most recent version, Trusted Solaris 8 (released 2000), received the EAL4 certification level augmented by a number of protection profiles. Telnet was vulnerable to

buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memory ...

exploits until patched in April 2001.

References

{{Reflist, 30em, refs= Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour
TecMint. KITE Introduces a New Secured FOSS Based Operating System
/ref> A Look at Pentoo Linux and Its Security Analysis Tools

eWeek ''eWeek'' (''Enterprise Newsweekly'', stylized as ''eWEEK''), formerly PCWeek, is a technology and business magazine. Previously owned by QuinStreet; Nashville, Tennessee marketing company TechnologyAdvice acquired eWeek in 2020. The print edi ...

12 Best Operating Systems For Ethical Hacking And Penetration Testing , 2018 Edition
/ref> Operating system security

Linux

Android-based

Debian-based

Fedora-based

Gentoo-based

Other Linux distributions

BSD-based

SELinux module

Object-capability systems

Solaris-based

See also

References