Security focused operating system

This is an alphabetical list of operating systems with a sharp security focus. Their order does not imply rank. In addition, some operating systems meet certain evaluation criteria and can be described as security-evaluated operating systems, but this in itself does not make them secure.


In this context, "security-focused" means that the project treats increasing security as a major goal. As such, something can be secure without being "security-focused." For example, almost all of the operating systems mentioned here have needed security bug fixes during their lifetime; however, they all strive to consistently address the generic security flaws inherent in their design with new ideas, in an attempt to create a secure computing environment.

BSD

BSD is a family of free, open source Unix variants derived from a codebase originating at the University of California, Berkeley. All derived BSD operating systems are released under the terms of a BSD-style license. There are several BSD variants, with only one being heavily focused on security.

OpenBSD

OpenBSD is an open source BSD operating system known for its heavy focus on security. The project has completed rigorous manual sweeps of the code to address issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X, as well as a ProPolice-compiled executable base.

TrustedBSD

TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focus areas are access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Because access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation in SELinux to run on FreeBSD. Many of these trusted extensions have been integrated into the FreeBSD 5.x current development track.

Linux

Linux is a free, open source Unix variant created by Linus Torvalds. Linux itself is not inherently security-focused; however, many distributions and projects attempt to make Linux secure. It is also free, and licensed under the GNU GPL v2 open source license.

Adamantix

Adamantix is a Debian-based, security-focused Linux distribution (formerly named Trusted Debian). It employs a PaX- and ProPolice-protected base, and uses the RSBAC mandatory access control system.

Annvix

Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. Plans are to include full support for the RSBAC mandatory access control system in the near future.

Hardened Gentoo

Hardened Gentoo is a subproject of the Gentoo Linux project.

Hardened Gentoo offers a ProPolice-protected, Position Independent Executable base using the exact same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX.

The Hardened Gentoo project is extremely modular, and also provides subprojects to integrate other intrusion-detection and mandatory access control systems into Gentoo. All of these can optionally be installed in any combination, with or without PaX and a ProPolice base.

Immunix

Immunix is a commercial distribution of Linux focused heavily on security. It supplies many systems of its own making, including StackGuard, cryptographic signing of executables, race condition patches, and format string exploit guarding code. Immunix traditionally releases older versions of its distribution free for non-commercial use.

Note that the Immunix distribution itself is licensed under two licenses: the Immunix commercial and non-commercial licenses. Many of the tools within are GPL-licensed, however, as is the kernel.

Openwall Project

Owl, by a developer known as Solar Designer, was the first distribution to have a non-executable userspace stack, /tmp race condition protection and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.

Wendzel Linux

Wendzel-Linux is a small distribution for firewall, IDS, VPN and authentication jobs that is still under heavy development. It is a modified Slackware distribution, hardened and minimized, that includes the grsec kernel patch, hardened versions of some Slackware packages, and a hardened system configuration.

Solaris

Solaris is a Unix variant created by Sun Microsystems. Solaris itself is not inherently security-focused. It is also free, and licensed under the CDDL open source license.

Trusted Solaris

Trusted Solaris is a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Versions of Trusted Solaris through version 8 are Common Criteria certified. See [1] and [2]. Trusted Solaris Version 8 received the EAL4 certification level augmented by a number of protection profiles. See [3] for an explanation of the Evaluation Assurance Levels.

The Wikipedia article included on this page is licensed under the GFDL.