This is a list of

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...

s specifically focused on

security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...

. Operating systems for general-purpose usage may be secure without having a specific focus on security. Similar concepts include

security-evaluated operating system In computing, security-evaluated operating systems have achieved certification from an external security-auditing organization, the most popular evaluations are Common Criteria (CC) and FIPS 140-2. Oracle Solaris Trusted Solaris 8 was a securi ...

s that have achieved certification from an

auditing An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing ...

organization, and

trusted operating system Trusted Operating System (TOS) generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements. The most common set of criteria for t ...

s that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

Linux

Android-based

* Android in general is very secure, having many security features such as taking advantage of SELinux and Verified Boot. * CalyxOS is a

free and open source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of ...

and

focused Android Custom ROM *

DivestOS DivestOS is a free operating system (OS) based on the Android mobile platform. It is a soft fork of LineageOS that aims to increase security and privacy, and support older devices. As much as possible it removes proprietary Android components ...

is a

and

focused Android Custom ROM *

GrapheneOS GrapheneOS (formerly Android Hardening or AndroidHardening) is an Android-based, open source, privacy and security-focused mobile operating system for selected Google Pixel smartphones. History The main developer, Daniel Micay, originall ...

is an

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized so ...

and

focused Android Custom ROM *

Kali NetHunter Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for un-rooted devices (NetHunter Rootless), for rooted devices that have a standard recovery (NetHu ...

is a

Kali Linux based Android Custom ROM for

penetration testing A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment ...

Debian-based

* Subgraph is a

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, whi ...

-based operating system designed to be resistant to

surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as ...

and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features that aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through deterministic compilation. Subgraph OS features a kernel hardened with the Grsecurity and PaX patchset,

Linux namespaces Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources. The feature works by having the same nam ...

, and

Xpra xpra, abbreviated from X Persistent Remote Applications, is a set of software utilities that run X clients, typically on a remote host, and direct their display to the local machine without the X clients closing or losing any state in case the ne ...

for application containment, mandatory file system encryption using LUKS, resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the Tor anonymity network. * Tails is a security-focused Linux distribution aimed at preserving

and anonymity. It is meant to be run as Live-CD or from a USB Drive and to not write any kind of data to a drive, unless specified or persistence is set. That way, it lives in RAM and everything is purged from the system whenever it is powered off. Tails is designed to do an emergency shutdown and erase its data from

RAM Ram, ram, or RAM may refer to: Animals * A male sheep * Ram cichlid, a freshwater tropical fish People * Ram (given name) * Ram (surname) * Ram (director) (Ramsubramaniam), an Indian Tamil film director * RAM (musician) (born 1974), Dutch * ...

if the medium where it resides is expelled. *

Whonix Whonix (, ) is a Kicksecure–based security hardened Linux distribution. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", ru ...

is an anonymous general purpose operating system based on

VirtualBox Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and Innotek VirtualBox) is a type-2 hypervisor for x86 virtualization developed by Oracle Corporation. VirtualBox was originally created by Innotek GmbH, which was acquired by S ...

Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of De ...

and Tor. By Whonix design, IP and DNS leaks are impossible. Not even Malware as Superuser can find out the user's real IP address/location. This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, called Whonix-Gateway. The other machine, called Whonix-Workstation, is on a completely isolated network. It is also possible to use multiple Whonix Workstations simultaneously through one Gateway, that will provide stream isolation (though is not necessarily endorsed). All the connections are forced through Tor with the Whonix Gateway Virtual Machine, therefore IP and DNS leaks are impossible.

Fedora-based

Qubes OS Qubes OS is a security-focused desktop Linux distribution that aims to provide security through isolation. Virtualization is performed by Xen, and user environments can be based on (with official support) Fedora or Debian, or (with communit ...

is a desktop

based around the Xen

hypervisor A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called ...

that allows grouping programs into a number of isolated sandboxes (

virtual machine In computing, a virtual machine (VM) is the virtualization/ emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized h ...

s) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable, they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains

Gentoo-based

Pentoo Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64-bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installa ...

is a

Live CD A live CD (also live DVD, live disc, or live operating system) is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading f ...

and Live USB designed for

and security assessment. Based on

Gentoo Linux Gentoo Linux (pronounced ) is a Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user's preferences and is often optimized for th ...

, Pentoo is provided both as 32 and 64-bit installable

live CD A live CD (also live DVD, live disc, or live operating system) is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading f ...

. It is built on Hardened Gentoo linux including a hardened kernel and a toolchain. * Tin Hat Linux is derived from Hardened Gentoo Linux. It aims to provide a very secure, stable, and fast desktop environment that lives purely in

Other Linux distributions

* Alpine Linux is an actively maintained lightweight

musl musl is a C standard library intended for operating systems based on the Linux kernel, released under the MIT License. It was developed by Rich Felker with the goal to write a clean, efficient and standards-conformant libc implementation. ...

and

BusyBox BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with inte ...

-based distribution. It uses PaX and grsecurity patches in the default kernel and compiles all packages with

stack-smashing protection Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior ...

. * Annvix was originally forked from

Mandriva Mandriva S.A. was a public software company specializing in Linux and open-source software. Its corporate headquarters was in Paris, and it had development centers in Metz, France and Curitiba, Brazil. Mandriva, S.A. was the developer and mainta ...

to provide a security-focused server distribution that employs

ProPolice Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior ...

protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC

mandatory access control In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a ''subject'' or ''initiator'' to access or generally perform some sort of operation on a ...

system. Annvix is dormant, however, with the last version being released on 30 December 2007. *

EnGarde Secure Linux EnGarde Secure Linux was an open source server-only Linux distribution developed by Guardian Digital. EnGarde incorporates open source tools such as Postfix, BIND, and the LAMP stack. The platform includes services for web hosting, DNS and emai ...

is a secure platform designed for servers. It has had a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download. *

Immunix Immunix is a discontinued commercial operating system that provided host-based application security solutions. The last release of Immunix's Linux distribution was version 7.3 on November 27, 2003. Immunix, Inc. was the creator of AppArmor, an appl ...

was a commercial distribution of Linux focused heavily on security. They supplied many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use. The Immunix distribution itself is licensed under two licenses: The Immunix commercial and non-commercial licenses. Many tools within are GPL, however, as is the kernel. *

Solar Designer Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the f ...

's Openwall Project (Owl) was the first distribution to have a non-executable

userspace A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kerne ...

stack Stack may refer to: Places * Stack Island, an island game reserve in Bass Strait, south-eastern Australia, in Tasmania’s Hunter Island Group * Blue Stack Mountains, in Co. Donegal, Ireland People * Stack (surname) (including a list of people ...

, /tmp

race condition A race condition or race hazard is the condition of an electronics, software, or other system where the system's substantive behavior is Sequential logic, dependent on the sequence or timing of other uncontrollable events. It becomes a software ...

protection, and

access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...

restrictions to /proc data, by way of a kernel

patch Patch or Patches may refer to: Arts, entertainment and media * Patch Johnson, a fictional character from ''Days of Our Lives'' * Patch (''My Little Pony''), a toy * "Patches" (Dickey Lee song), 1962 * "Patches" (Chairmen of the Board song ...

. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.

BSD-based

TrustedBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular op ...

is a sub-project of

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...

designed to add trusted operating system extensions, targeting the

Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard ( ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...

for Information Technology Security Evaluation (see also Orange Book). Its main focuses are working on

access control list In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on gi ...

s, event auditing, extended attributes,

s, and fine-grained capabilities. Since access control lists are known to be confronted with the

confused deputy problem In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused dep ...

, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x. *

OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project e ...

is a research operating system for developing security mitigations.

SELinux module

Security-Enhanced Linux Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space ...

(SELinux) is a module that may be incorporated into a Linux distribution.

Object-capability systems

These operating systems are all engineered around the object-capabilities security paradigm. Instead of the system deciding if an access request should be granted, the bundling authority and designation decides. *

CapROS Capability-based Reliable Operating System (CapROS) is an operating system incorporating pure capability-based security. It features automatic persistence of data and processes, even across system reboots. Capability systems naturally support th ...

EROS In Greek mythology, Eros (, ; grc, Ἔρως, Érōs, Love, Desire) is the Greek god of love and sex. His Roman counterpart was Cupid ("desire").''Larousse Desk Reference Encyclopedia'', The Book People, Haydock, 1995, p. 215. In the ear ...

Genode Genode is a free and open-source software operating system (OS) framework consisting of a microkernel abstraction layer and a set of user space components. The framework is notable as one of the few open-source operating systems not derived from ...

* Fiasco.OC *

KeyKOS KeyKOS is a persistent, pure capability-based operating system for the IBM S/370 mainframe computers. It allows emulating the environments of VM, MVS, and Portable Operating System Interface ( POSIX). It is a predecessor of the Extremely R ...

seL4 L4 is a family of second-generation microkernels, used to implement a variety of types of operating systems (OS), though mostly for Unix-like, ''Portable Operating System Interface'' (POSIX) compliant types. L4, like its predecessor microkernel ...

Solaris-based

Trusted Solaris Trusted Solaris is a discontinued security-evaluated operating system based on Solaris by Sun Microsystems, featuring a mandatory access control model. Features * Accounting * Role-Based Access Control * Auditing * Device allocation * Mandatory ac ...

was a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...

, mandatory

, additional physical authentication devices, and fine-grained access control. Trusted Solaris is

certified. The most recent version, Trusted Solaris 8 (released 2000), received the EAL4 certification level augmented by a number of protection profiles. Telnet was vulnerable to buffer overflow exploits until patched in April 2001.

References

{{Reflist, 30em, refs= Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour
TecMint. KITE Introduces a New Secured FOSS Based Operating System
/ref> A Look at Pentoo Linux and Its Security Analysis Tools
eWeek 12 Best Operating Systems For Ethical Hacking And Penetration Testing , 2018 Edition
/ref> Operating system security

Linux

Android-based

Debian-based

Fedora-based

Gentoo-based

Other Linux distributions

BSD-based

SELinux module

Object-capability systems

Solaris-based

See also

References