This is an alphabetical list of operating systems with a sharp security focus. Their order does not imply rank.
In our context, "security-focused" means that the project is devoted to increasing security as a major goal. As such, something can be secure without being "security-focused." For example, almost all of the operating systems mentioned here are faced with security bug fixes in their lifetime; however, they do all strive to consistently approach all generic security flaws inherent in their design with new ideas in an attempt to create a secure computing environment.
BSD is a family of Unix variants derived from a code base originating at the University of California, Berkeley. All derived BSD operating systems are released under the terms of a BSD-style license. There are several BSD variants, with only one being heavily focused on security.
OpenBSD is an open source BSD operating system that is known to be concerned heavily with security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X (memory is writable xor executable), as well as a ProPolice compiled executable base.
TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focuses are working on access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting at 5.x.
Linux itself is not inherently security-focused; however, many distributions and projects attempt to make Linux secure.
Adamantix is a Debian-based, security-focused Linux distribution (formerly named Trusted Debian). It employs a PaX and ProPolice protected base, and utilizes the RSBAC Mandatory access control system.
Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. Plans are to include full support for the RSBAC Mandatory access control system in the near future.
EnGarde Secure Linux is a secure platform designed for servers. It has boasted a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and Email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download.
Fedora Linux is a free, Red Hat sponsored, community-developed Linux distribution. It is the only mainstream Linux distribution with a concentrated effort to improve system security; as a consequence, it boasts a fully integrated SELinux MAC, a fine-grained executable memory permission system (Exec Shield), and all binaries compiled with GCC's standard stack-smashing protection, as well as a focus on getting security updates into the system in a timely manner.
Hardened Gentoo is a subproject of the Gentoo Linux project.
Hardened Gentoo offers a ProPolice protected and Position Independent Executable base using the exact same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX.
The Hardened Gentoo project is an extremely modular project, and also provides subprojects to integrate other intrusion-detection and Mandatory access control systems into Gentoo. All of these can be optionally installed in any combination, with or without PaX and a ProPolice base.
Hardened Linux is a small Distribution for Firewalls, Intrusion Detection Systems, VPN-Gateways and Authentication jobs that is still under heavy development. It includes GRSecurity, PaX and GCC stack smashing protection.
Immunix is a commercial distribution of Linux focused heavily on security. They supply many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use.
Note that the Immunix distribution itself is licensed under two licenses: the Immunix commercial and non-commercial licenses. Many tools within are GPL, however, as is the kernel.
Owl by a developer known as Solar Designer was the first distribution to have a non-executable userspace stack, /tmp race condition protection and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.
Red Hat Enterprise Linux offers the same security benefits as Fedora, with the additional support of back-porting security fixes to the released versions of the packages (particularly the kernel), so the sys-admin does not have to perform a significant (and risky) upgrade to get a security fix.
Solaris is a free Unix variant created by Sun Microsystems. Solaris itself is not inherently security-focused. Solaris is based upon the OpenSolaris project which is mostly licensed under the CDDL open source license. OpenSolaris features such as ZFS and refinements to security are merged upstream to the official Solaris variant after Sun certifies quality of the enhancements.
Trusted Solaris is a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Trusted Solaris is Common Criteria certified. (See [1] and [2]) The most recent version, Trusted Solaris 8, received the EAL4 certification level augmented by a number of protection profiles.
Trusted Solaris functionality has now been added to the mainstream version of Solaris. In the 11/06 update to Solaris 10, the Solaris Trusted Extensions feature adds mandatory access control and labelled security. Introduced in the same update, the Secure by Default Networking feature enables fewer services by default than most previous releases, which had most services enabled. RBAC, found in both mainstream Solaris and Trusted Solaris, dramatically lessens the need for using root directly by providing fine-grained control over various administrative tasks.