- Security-focused operating system
This is an alphabetical list of
operating systems with a sharp security focus. Their order does not imply rank.
In our context, "Security-focused" means that the project is devoted to increasing the security as a major goal. As such, something can be secure without being "security-focused." For example, almost all of the operating systems mentioned here are faced with security bug fixes in their life time; however, they do all strive to consistently approach all generic security flaws inherent in their design with new ideas in an attempt to create a secure computing environment.
BSD is a family of
Unixvariants derived from a code base originating at the University of California, Berkeley. All derived BSD operating systems are released under the terms of a BSD-style license. There are several BSD variants, with only one being heavily focused on security.
OpenBSDis an open source BSDoperating system that is known to be concerned heavily with security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X(memory is writable xorexecutable), as well as a ProPolicecompiled executable base.
TrustedBSDis a sub-project of FreeBSDdesigned to add trusted operating system extensions, targeting the Common Criteriafor Information Technology Security Evaluation (see also Orange Book). Its main focuses are working on access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x.
Linuxitself is not inherently security-focused; however, many distributions and projects attempt to make Linux secure.
Adamantix is a
Debian-based, security-focused Linux distribution (formerly named Trusted Debian). It employs a PaXand ProPoliceprotected base, and utilizes the RSBAC Mandatory access controlsystem.
Annvixwas originally forked from Mandrivato provide a security-focused server distribution that employs ProPoliceprotection, hardened configuration, and a small footprint. Plans are to include full support for the RSBAC Mandatory access controlsystem in the near future.
EnGarde Secure Linux
EnGarde Secure Linuxis a secure platform designed for servers. It has boasted a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and Email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linuxis the bleeding-edge version freely available for download.
Fedora is a free,
Red Hatsponsored community developed Linux distribution. It is the only mainstream Linux distribution with a concentrated effort to improve system security,Fact|date=July 2008 as a consequence it boasts a fully integrated SELinuxMAC and fine-grained executable memory permission system ( Exec Shield) and all binaries compiled with GCC's standard stack-smashing protection, as well as focusing on getting security updates into the system in a timely manner.
Hardened Gentoois a subproject of the Gentoo Linuxproject.
Hardened Gentoo offers a ProPolice protected and Position Independent Executable base using the exact same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by
The Hardened Gentoo project is an extremely modular project, and also provides subprojects to integrate other intrusion-detection and
Mandatory access controlsystems into Gentoo. All of these can be optionally installed in any combination, with or without PaXand a ProPolice base.
Hardened Linux is a small Distribution for Firewalls, Intrusion Detection Systems, VPN-Gateways and Authentication jobs that is still under heavy development. It includes GRSecurity, PaX and GCC stack smashing protection.
Immunixis a commercial distribution of Linux focused heavily on security. They supply many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use.
Note that the Immunix distribution itself is licensed under two licenses: The Immunix commercial and non-commercial licenses. Many tools within are GPL, however; as is the kernel.
Owl by a developer known as
Solar Designerwas the first distribution to have a non-executable userspacestack, /tmp race conditionprotection and access controlrestrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.
Red Hat Enterprise Linux
Red Hat Enterprise Linux- offers the same security benefits as Fedora with the additional support of back-porting security fixes to the released versions of the packages (particularly the kernel) so the sys-admin does not have to perform a significant (and risky) upgrade to get a security fix.
Solaris is a free
Unixvariant created by Sun Microsystems. Solaris itself is not inherently security-focused. Solaris is based upon the OpenSolarisproject which is mostly licensed under the CDDL open source license. OpenSolaris features such as ZFS and refinements to security are merged upstream to the official Solaris variant after Sun certifies quality of the enhancements.
Trusted Solarisis a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Trusted Solaris is Common Criteriacertified. (See [http://wwws.sun.com/software/security/securitycert/trustedsolaris.html] and [http://wwws.sun.com/software/security/securitycert/images/TSol8_7-03CMS.jpg] )The most recent version, Trusted Solaris 8, received the EAL4 certification level augmented by a number of protection profiles.
Solaris 10 and trusted functionality
Trusted Solaris functionality has now been added to the mainstream version of Solaris. In the 11/06 update to Solaris 10, the "Solaris Trusted Extensions" feature adds mandatory access control and labelled security. Introduced in the same update, the "Secure by Default Networking " feature implements less services on by default compared to most previous releases which had most services enabled. RBAC, found in both mainstream Solaris and Trusted Solaris, dramatically lessens the need for using root directly by providing a way for fine grained control over various administrative tasks.
* Orange Book
Comparison of operating systems
* Capabilities vs. ACLs
IX (operating system)
Security-evaluated operating system
Trusted operating system
* [http://www.openbsd.org OpenBSD]
* [http://adamantix.org/ Adamantix]
* [http://hardenedlinux.sourceforge.net/ Hardened Linux]
* [http://www-128.ibm.com/developerworks/linux/library/l-sppriv.html?ca=dgr-lnxw04Privileges Security mechanisms in newer operating systems]
Wikimedia Foundation. 2010.
Look at other dictionaries:
Security-evaluated operating system — A security evaluated operating system is an operating system that has achieved a certification from an external security auditing organization, such as a B2 or A1 CSC STD 001 83 Department of Defense Trusted Computer System Evaluation Criteria or … Wikipedia
Operating system advocacy — is the practice of attempting to increase the awareness and improve the perception of a computer operating system. The motivation behind this may be to increase the number of users of a system, to assert the superiority of one choice over another … Wikipedia
Operating system — Operating systems … Wikipedia
Trusted operating system — (TOS) generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements.The most common set of criteria for trusted operating system… … Wikipedia
Secure operating system — The term secure operating system is a misnomer. Relevant articles include: * Security focused operating system * Security evaluated operating system … Wikipedia
Distributed operating system — A distributed operating system is the logical aggregation of operating system software over a collection of independent, networked, communicating, and spatially disseminated computational nodes. Individual system nodes each hold a discrete… … Wikipedia
Mobile operating system — A mobile operating system, also known as a mobile OS, mobile software platform or a handheld operating system, is the operating system that controls a mobile device or information appliance similar in principle to an operating system such as… … Wikipedia
A+ Core Operating System Technologies Exam — The A+ Operating System Technologies Exam is the second half of the CompTIA A+ professional certification process. It covers basic knowledge of operating systems including major subsystems, configuration methods, and important standards. It was… … Wikipedia
IX (operating system) — Infobox OS name = IX caption = developer = family = Research Unix source model = working state = Historic latest release version = latest release date = kernel type = license = website = IX was a security focused variant of the Tenth Edition… … Wikipedia
Operating Manual for Spaceship Earth — Author(s) … Wikipedia