HOME

TheInfoList




This is a list of
operating system An operating system (OS) is system software System software is software designed to provide a platform for other software. Examples of system software include operating systems (OS) like macOS, Linux, Android (operating system), Android and Mi ...

operating system
s specifically focused on
security Security is freedom from, or resilience against, potential Potential generally refers to a currently unrealized ability. The term is used in a wide variety of fields, from physics Physics is the natural science that studies matter, its El ...
. Operating systems for general-purpose usage may be secure without having a specific focus on security. Similar concepts include
security-evaluated operating system In computing, security-evaluated operating systems have achieved certification from an external security-auditing organization, the most popular evaluations are Common Criteria (CC) and FIPS 140-2. Oracle Solaris Trusted Solaris 8 was a security ...
s that have achieved certification from an
auditing An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditin ...
organization, and
trusted operating system Trusted Operating System (TOS) generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements. The most common set of criteria for tru ...
s that provide sufficient support for
multilevel security Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible Classified information in the United States, classifications (i.e., at different security levels), permit acce ...
and evidence of correctness to meet a particular set of requirements.


Linux


Android-based

*
GrapheneOS GrapheneOS is an Android (operating system), Android-based, security-hardened, privacy focused, mostly free and open-source, mobile operating system for selected Smartphone, smartphones. It is focused on internet privacy, privacy and Computer se ...
is a
free and open source Free and open-source software (FOSS) is software that is both free software and open-source software where anyone is free software license, freely licensed to use, copy, study, and change the software in any way, and the source code is openly s ...
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. When something is private to a person, it usually means that something is inherently special ...

privacy
and
security Security is freedom from, or resilience against, potential Potential generally refers to a currently unrealized ability. The term is used in a wide variety of fields, from physics Physics is the natural science that studies matter, its El ...

security
focused
Android Android may refer to: Science and technology * Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), Google's mobile operating system ** Android (operating system)#Mascot, Unnamed Andro ...

Android
Custom ROM * Kali NetHunter is a
free and open source Free and open-source software (FOSS) is software that is both free software and open-source software where anyone is free software license, freely licensed to use, copy, study, and change the software in any way, and the source code is openly s ...
Kali Linux Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. Kali Linux has around 600 penetration-testing programs (tools), including Armitage (comp ...

Kali Linux
based mobile operating system usually for Android devices


Debian-based

* Subgraph is a
Linux Linux ( or ) is a family of open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product ...

Linux
-based operating system designed to be resistant to
surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing Management (or managing) is the administration of an organization An organization, or org ...

surveillance
and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features that aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through
deterministic compilation Reproducible builds, also known as deterministic compilation, is a process of compiling software which ensures the resulting binary code can be Reproducibility, reproduced. Source code compiled using deterministic compilation will always output th ...
. Subgraph OS features a kernel hardened with the Grsecurity and PaX patchset, Linux namespaces, and
Xpra xpra, abbreviated from X Persistent Remote Applications, is a set of software utilities that run X Window System, X clients, typically on a remote host, and direct their display to the local machine without the X clients closing or losing any stat ...
for application containment, mandatory file system encryption using
LUKS The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and was originally intended for Linux. While most disk encryption software implements different, incompatible, and undocumented formats, L ...
, resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the Tor anonymity network. * Tails is a security-focused Linux distribution aimed at preserving
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. When something is private to a person, it usually means that something is inherently special ...

privacy
and anonymity. It is meant to be run as Live-CD or from a USB Drive and to not write any kind of data to a drive, unless specified or persistence is set. That way, it lives in RAM and everything is purged from the system whenever it is powered off. Tails is designed to do an emergency shutdown and erase its data from RAM if the medium where it resides is expelled. * Whonix is an anonymous general purpose operating system based on VirtualBox,
Debian Debian (), also known as Debian GNU/Linux, is a GNU/Linux distribution A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that is based upon the Linux kernel and, often, a package manage ...

Debian
Linux Linux ( or ) is a family of open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product ...

Linux
and Tor. By Whonix design, IP and DNS leaks are impossible. Not even Malware as Superuser can find out the user's real IP address/location. This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, called Whonix-Gateway. The other machine, called Whonix-Workstation, is on a completely isolated network. It is also possible to use multiple Whonix Workstations simultaneously through one Gateway, that will provide stream isolation (though is not necessarily endorsed). All the connections are forced through Tor with the Whonix Gateway Virtual Machine, therefore IP and
DNS
DNS
leaks are impossible.


Fedora-based

*
Qubes OS Qubes OS is a security-focused desktop operating system An operating system (OS) is system software System software is software designed to provide a platform for other software. Examples of system software include operating systems (OS) ...
is a desktop
operating system An operating system (OS) is system software System software is software designed to provide a platform for other software. Examples of system software include operating systems (OS) like macOS, Linux, Android (operating system), Android and Mi ...

operating system
based around the Xen
hypervisor A hypervisor (or virtual machine monitor, VMM, virtualizer) is similar to an emulator In computing, an emulator is Computer hardware, hardware or software that enables one computer system (called the ''host'') to behave like another compute ...
that allows grouping programs into a number of isolated sandboxes (
virtual machine In computing, a virtual machine (VM) is the virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something, including virtual co ...
s) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable, they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains.


Gentoo-based

*
Pentoo Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64-bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installa ...

Pentoo
is a
Live CD A live CD (also live DVD, live disc, or live operating system) is a complete bootable In computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experim ...
and Live USB designed for penetration testing and security assessment. Based on
Gentoo Linux Gentoo Linux (pronounced ) is a Linux distribution A Linux distribution (often abbreviated as distro) is an operating system An operating system (OS) is system software System software is software designed to provide a platform for oth ...

Gentoo Linux
, Pentoo is provided both as 32 and 64-bit installable
live CD A live CD (also live DVD, live disc, or live operating system) is a complete bootable In computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experim ...
. It is built on
Hardened Gentoo Gentoo Linux (pronounced ) is a Linux distribution built using the Portage (software), Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user's preferences and is ofte ...
linux including a hardened kernel and a toolchain. * Tin Hat Linux is derived from
Hardened Gentoo Gentoo Linux (pronounced ) is a Linux distribution built using the Portage (software), Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user's preferences and is ofte ...
Linux. It aims to provide a very secure, stable, and fast Desktop computer, desktop environment that lives purely in List of Linux distributions that run from RAM, RAM.


Other Linux distributions

* Alpine Linux is an actively maintained lightweight musl and BusyBox-based distribution. It uses PaX and grsecurity patches in the default kernel and compiles all packages with stack-smashing protection. * Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC mandatory access control system. Annvix is dormant, however, with the last version being released on 30 December 2007. * EnGarde Secure Linux is a secure platform designed for servers. It has had a browser-based tool for Mandatory access control, MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download. * Immunix was a commercial distribution of Linux focused heavily on security. They supplied many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use. The Immunix distribution itself is licensed under two licenses: The Immunix commercial and non-commercial licenses. Many tools within are GPL, however, as is the kernel. * Solar Designer's Openwall Project (Owl) was the first distribution to have a Executable space protection, non-executable userspace Call stack, stack, /tmp race condition protection, and access control restrictions to /proc data, by way of a kernel (computer science), kernel patch (computing), patch. It also features a per-user tmp directory via the pam_mktemp Pluggable Authentication Modules, PAM module, and supports Blowfish (cipher), Blowfish password encryption.


BSD-based

* TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also TCSEC, Orange Book). Its main focuses are working on access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained Capability-based security, capabilities. Since access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x. * OpenBSD is a research operating system for developing security mitigations.


Object-capability systems

These operating systems are all engineered around the Object-capability model, object-capabilities security paradigm, where instead of having the system deciding if an access request should be granted the bundling of authority and designation makes it impossible to request anything not legitimate. * CapROS * EROS (microkernel), EROS * Genode * L4 microkernel family, Fiasco.OC * KeyKOS * L4 microkernel family, seL4


Solaris-based

* Trusted Solaris was a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Trusted Solaris is Common Criteria certified. The most recent version, Trusted Solaris 8 (released 2000), received the EAL4 certification level augmented by a number of protection profiles. Telnet was vulnerable to buffer overflow exploits until patched in April 2001.


See also


References

{{Reflist, 30em, refs= Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour
TecMint.
KITE Introduces a New Secured FOSS Based Operating System
/ref> A Look at Pentoo Linux and Its Security Analysis Tools
eWeek
12 Best Operating Systems For Ethical Hacking And Penetration Testing , 2018 Edition
/ref> Operating system security Operating system technology Security