Security-focused operating system
This is a list of operating systems with a sharp security focus. Here, "security-focused" means that the project is devoted to increasing security as a major goal. As such, something can be secure without being "security-focused". For example, almost all of the operating systems mentioned here have needed security bug fixes during their lifetime; however, they all strive to consistently address the generic security flaws inherent in their design with new ideas, in an attempt to create a secure computing environment. Security-focused does not mean security-evaluated operating system, which refers to operating systems that have achieved certification from an external security-auditing organization. An operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements is called a "trusted operating system". The list is alphabetical and does not imply a ranking.
- 1 BSD
- 2 Linux
- 2.1 Alpine Linux
- 2.2 Annvix
- 2.3 Debian
- 2.4 EnGarde Secure Linux
- 2.5 Fedora
- 2.6 Hardened Gentoo
- 2.7 Hardened Linux
- 2.8 Immunix
- 2.9 Kali Linux
- 2.10 Mempo
- 2.11 Openwall Project
- 2.12 Parrot Security OS
- 2.13 Pentoo Project
- 2.14 Qubes OS
- 2.15 Replicant
- 2.16 Red Hat Enterprise Linux
- 2.17 Subgraph OS
- 2.18 Tails (The Amnesic Incognito Live System)
- 2.19 Ubuntu Privacy Remix
- 2.20 Whonix (anonymous operating system)
- 2.21 IprediaOS
- 2.22 Liberté Linux
- 2.23 Security Onion
- 3 Solaris
- 4 Microsoft Windows Server
- 5 Object-capability systems
- 6 See also
- 7 References
- 8 External links
BSD is a family of Unix variants derived from a code base originating at the University of California, Berkeley. All derived BSD operating systems are released under the terms of a BSD-style license. There are several BSD variants, with only one being heavily focused on security.
OpenBSD is an open source BSD operating system that is known for its heavy focus on security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X (memory is writeable xor executable), as well as a ProPolice-compiled executable base. OpenBSD became the first mainstream operating system to support partial ASLR and to activate it by default; ASLR support was completed in 2008 when it added support for position-independent executable (PIE) binaries.
TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focuses are access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are susceptible to the confused deputy problem, capabilities offer a different approach that avoids this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x.
HardenedBSD is a project forked from FreeBSD that brings low-level security enhancements to the FreeBSD project, aiming "to continuously implement kernel and userland hardening features, such as Address Space Layout Randomization (ASLR), mprotect hardening, Position Independent Executable (PIE) support, and PTrace hardening, among other features." Together with TrustedBSD, the HardenedBSD project resembles Trusted Solaris, a precursor which provided further security enhancements to the Solaris operating system. These early enhancements found their way into security features across a number of different operating systems, mostly Unix-like ones.
The Linux kernel provides among other security features the Linux Security Module (LSM), officially integrated with the mainline Linux kernel since 2003. However, there have been specialized distributions and projects which attempt to make Linux more secure in general or for particular scenarios.
Alpine Linux is a lightweight musl and BusyBox-based distribution. It uses PaX and grsecurity patches in the default kernel and compiles all packages with stack-smashing protection. Version 3.0 was released June 4, 2014.
Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC mandatory access control system. However, Annvix is dormant, with the last version being released on December 30, 2007.
The "Securing Debian Manual" contains information for Debian administrators. Debian includes support for SELinux since version 5.0, as well as AppArmor and Tomoyo. See also Debian Security information and policy.
EnGarde Secure Linux
EnGarde Secure Linux is a secure platform designed for servers. It has had a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied by Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download.
Fedora is a free, Red Hat-sponsored community-developed Linux distribution. Fedora is a mainstream distribution that makes significant efforts to improve security. As a consequence it has a fully integrated SELinux MAC and fine-grained executable memory permission system (Exec Shield) and all binaries compiled with GCC's standard stack-smashing protection, as well as focusing on getting security updates into the system in a timely manner.
Hardened Gentoo is a sub-project of the Gentoo Linux project. Hardened Gentoo offers a ProPolice-protected and position-independent executable base using exactly the same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX. The Hardened Gentoo project is extremely modular, and also provides subprojects to integrate other intrusion-detection and mandatory access control systems into Gentoo. All of these can be optionally installed in any combination, with or without PaX and a ProPolice base.
Hardened Linux is a small distribution for firewalls, intrusion detection systems, VPN-gateways and authentication jobs that is still under heavy development. It includes grsecurity, PaX and GCC stack smashing protection.
Immunix was a commercial distribution of Linux focused heavily on security. They supplied many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use. The Immunix distribution itself is licensed under two licenses: the Immunix commercial and non-commercial licenses. Many tools within it are GPL, however, as is the kernel.
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing, formerly known as BackTrack.
Mempo is a privacy-focused derivative of Debian and aims to provide the "most secure and yet comfortable out-of-the-box Desktop and Server" operating system. Among other things, Mempo also relies on Freenet and Tor.
Solar Designer's Openwall Project (Owl) was the first distribution to have a non-executable userspace stack, /tmp race condition protection and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.
Parrot Security OS
Parrot Security OS is a Debian-based GNU/Linux distribution designed for performing security and penetration tests, forensic analysis, or anonymous operation. It uses the MATE Desktop Environment and Linux kernel 3.16 or higher, and it is available as a lightweight installable live ISO image for 32-bit, 64-bit and ARM processors, with forensic options at boot, optimizations for programmers and new custom pentesting tools.
Pentoo Penetration Testing Overlay and Livecd is a live CD and live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided as both a 32-bit and a 64-bit installable live CD. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet-injection-patched wifi drivers, GPGPU cracking software, and many tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PaX hardening and extra patches, with binaries compiled from a hardened toolchain and the latest nightly versions of some tools available.
Qubes OS is a Linux distribution based around the Xen hypervisor that allows programs to be grouped into a number of isolated sandboxes (virtual machines) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable: they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains.
Replicant is a free and open-source operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts. It is available for several smartphones and tablet computers.
In March 2014, the Replicant project announced the discovery of a backdoor present in a wide range of Samsung Galaxy products that allows the baseband processor to read and write the device's storage, sometimes with normal user privileges and sometimes as the root user depending on device model. It is unknown whether Samsung's proprietary firmware for the radio chip can be remotely instructed to use these access features, and whether the vulnerability was introduced with legitimate uses in mind.
Red Hat Enterprise Linux
Red Hat Enterprise Linux offers the same security benefits as Fedora with the additional support of back-porting security fixes to the released versions of the packages (particularly the kernel), so the system administrator does not have to perform a significant (and risky) upgrade to get a security fix.
Currently still under development, Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on the integrity of installable software packages. It features Grsecurity/PaX, Linux Namespaces and Xpra for application containment, mandatory file system encryption, and resistance to cold boot attacks and ensures each application goes through a different circuit over the Tor network.
Tails (The Amnesic Incognito Live System)
Tails or The Amnesic Incognito Live System is a Linux distribution aimed at preserving privacy and anonymity. It is the next iteration of development on the Incognito Linux distribution. It is based on Debian, with all outgoing connections forced to go through Tor and optionally I2P. Direct (non-anonymous) connections are blocked. The system is designed to be booted as a live CD or USB and no trace (digital footprint) is left on local storage unless explicitly told to. The Tor Project has provided most of the financial support for development.
Ubuntu Privacy Remix
Ubuntu Privacy Remix is a distribution based on Ubuntu, focused on security.
Whonix (anonymous operating system)
Whonix is an anonymous general-purpose operating system based on VirtualBox, Debian GNU/Linux, Tor, and optionally I2P. By Whonix's design, IP and DNS leaks are impossible. Not even malware running as the superuser can find out the user's real IP address or location, because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, called Whonix-Gateway. The other machine, called Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.
IprediaOS is an operating system in which all connections go through I2P. The system is notable for its use of anonymous BitTorrent downloads. However, it is known to ship an out-of-date I2P version, so users focused on security must update I2P before use.
Liberté Linux is a secure, reliable, lightweight and easy-to-use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments. The last official release was in 2012, and the project appears to have been abandoned at this point.
Solaris is a Unix variant created by Sun Microsystems. Solaris itself is not inherently security-focused. The major portion of the Solaris source code has been released via the OpenSolaris project, mostly under the Common Development and Distribution License. Enhancements to OpenSolaris, both security related and others, are backported to the official Solaris when Sun certifies their quality.
Trusted Solaris is a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Trusted Solaris is Common Criteria certified. The most recent version, Trusted Solaris 8 (released 2000), received the EAL4 certification level augmented by a number of protection profiles. Telnet was vulnerable to buffer overflow exploits until patched in April 2001.
Solaris 10 and trusted functionality
Trusted Solaris functionality has now been added to the mainstream version of Solaris. In the 11/06 update to Solaris 10, the Solaris Trusted Extensions feature adds mandatory access control and labelled security. Introduced in the same update, the Secure by Default Networking feature enables fewer services by default compared to most previous releases, which had most services enabled. RBAC, found in both mainstream Solaris and Trusted Solaris, dramatically lessens the need to use root directly by providing fine-grained control over various administrative tasks.
Microsoft Windows Server
Starting with Windows Server 2008, the server can run in "core" mode. In this mode of operation, the traditional graphical user interface is done away with, and replaced with a Windows command prompt. Roles and software for the server are then installed individually. This serves not only to lessen the strain on system resources produced by unwanted or unneeded applications, but also to reduce the overall "attack surface" of the operating system by virtue of excluding programs that may contain vulnerabilities.
These operating systems are all engineered around a different security paradigm, object-capabilities: instead of having the system decide whether an access request should be granted (usually by consulting one or more access control lists), the bundling of authority with designation makes it impossible to even express a request for something the requester is not entitled to.
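An added illustration of the confused deputy problem named under TrustedBSD above and of the object-capability idea described here (this is a constructed toy model, not code from the article or from any listed system; the users, file names and the "compiler" deputy are assumptions): under an ACL check the privileged deputy's identity decides, so a user can route its write into a file the user itself could never open, whereas under capabilities the user can only hand the deputy a reference it actually holds.

```python
# Toy model of the confused deputy problem: an ACL check against the caller's
# identity versus an object-capability design. All names are constructed.
class AclStore:
    """Named files, each with a set of users permitted to write to it."""
    def __init__(self):
        self.files = {}   # name -> list of lines written
        self.acl = {}     # name -> set of users allowed to write

    def create(self, name, writers):
        self.files[name] = []
        self.acl[name] = set(writers)

    def write(self, subject, name, line):
        # The check uses the identity of whoever performs the write, not of
        # whoever asked for it, so a privileged deputy's rights are used.
        if subject not in self.acl.get(name, set()):
            raise PermissionError(f"{subject} may not write {name}")
        self.files[name].append(line)


def acl_compiler(store, user, output_name):
    """Deputy (a compiler service) that writes output wherever the user says.
    It runs as 'compiler', so the ACL check sees the compiler's privileges."""
    store.write("compiler", output_name, f"output for {user}")
    return list(store.files[output_name])


class FileCap:
    """Unforgeable designation plus authority: holding the object is the right."""
    def __init__(self):
        self._lines = []

    def write(self, line):
        self._lines.append(line)

    def read(self):
        return list(self._lines)


def cap_compiler(output_cap, user):
    """Deputy that can only write to a file it was handed a capability for;
    there is no global namespace in which to look up 'billing.log' by name."""
    output_cap.write(f"output for {user}")
    return output_cap.read()


def demo_acl():
    # alice names the billing log as her output file; the ACL deputy is confused
    store = AclStore()
    store.create("billing.log", writers={"compiler", "admin"})  # alice: no right
    store.create("alice.out", writers={"compiler", "alice"})
    return acl_compiler(store, "alice", "billing.log")


def demo_cap():
    # alice holds a capability only to her own file, so billing stays untouched
    billing = FileCap()    # capability never handed to alice
    alice_out = FileCap()  # the only capability alice holds
    cap_compiler(alice_out, "alice")
    return billing.read(), alice_out.read()
```

The ACL deputy happily appends alice's output to billing.log even though alice herself would be refused; the capability deputy never receives a reference to billing.log, so the question of refusing it never arises.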
- Operating system (section Security)
- Comparison of operating systems
- Capabilities and access control lists
- IX (operating system)
- Security-evaluated operating system
- Trusted operating system
- Security engineering
- Damn Vulnerable Linux