FACTOID # 20: Statistically, Delaware bears more cost of the US Military than any other state.
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 


FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:



(* = Graphable)



Encyclopedia > Security focused operating systems

This is an alphabetical list of operating systems with a sharp security focus. Their order does not imply rank. In addition, some operating systems meet certain evaluation criteria: they can be described as security-evaluated operating systems; but this as such does not make them secure.

In our context, "Security-focused" means that the project is devoted to increasing the security as a major goal. As such, something can be secure without being "security-focused." For example, almost all of the operating systems mentioned here are faced with security bug fixes in their life time; however, they do all strive to consistently approach all generic security flaws inherent in their design with new ideas in an attempt to create a secure computing environment.



BSD is a free, open source Unix variant created at the University of California, Berkely. BSD itself isn't security-focused; however, there are some BSD variants that do focus heavily on security.

BSD is, as of this edit on October 5, 2004, still maintained in the form of various descendents. It is also free, and licensed under the BSD open source licensed. There are a number of BSD descendent projects that have focused on different goals. All of the major BSD descendent projects develop their kernel in sync with the rest of the system.


OpenBSD is an open source BSD operating system that is known to be concerned heavily with security. The project has completed rigorous manual sweeps of the code to address issues most systems haven't. OpenBSD also supplies an executable space protection scheme known as W^X, as well as a ProPolice compiled executable base.


TrustedBSD is an open source BSD operating system provides a set of trusted operating system extensions to the FreeBSD operating system, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focuses are working on access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are known to be confronted with the confused deputy problem, capabilities are a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation in SELinux to run on FreeBSD. Many of these trusted extensions have been integrated into the FreeBSD 5.x current development track.


Linux is a free, open source Unix variant created by Linus Torvalds. Linux itself is not inherently security-focused; however, many distributions and projects attempt to make Linux secure. It is also free, and licensed under the Gnu GPL v2 open source license.


Adamantix is a Debian-based, security-focused Linux distribution. It employs a PaX and ProPolice protected base, and utilizes the RSBAC Mandatory access control system.

Hardened Gentoo

Hardened Gentoo is a subproject of the Gentoo Linux project.

Hardened Gentoo offers a ProPolice protected and Position Independent Executable base using the exact same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX.

The Hardened Gentoo project is an extremely modular project, and also provides subprojects to integrate other intrusion-detection and Mandatory access control systems into Gentoo. All of these can be optionally installed in any combination, with or without PaX and a ProPolice base.


Immunix is a commercial distribution of Linux focused heavily on security. They supply many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use.

Note that the Immunix distribution itself is licensed under two licenses: The Immunix commercial and non-commercial licenses. Many tools within are GPL, however; as is the kernel.


Solaris is a Unix variant created by Sun Microsystems. Solaris itself is not inherently security-focused.

Solaris is, as of this edit on May 26, 2004, still maintained. It is a commercial Unix system.

Trusted Solaris

Trusted Solaris is a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Versions of Trusted Solaris through version 8 are Common Criteria certified. See [1] (http://wwws.sun.com/software/security/securitycert/trustedsolaris.html) and [2] (http://wwws.sun.com/software/security/securitycert/images/TSol8_7-03CMS.jpg) Trusted Solaris Version 8 received the EAL4 certification level augmented by a number of protection profiles. See [3] (http://csrc.nist.gov/cc/Documents/CC%20v2.1%20-%20HTML/PART3/PART36.HTM) for explanation of The Evaluation Assurance Levels.

See also

External links

  • Adamantix (http://adamantix.org/)
  • Evalutaion Assurance Levels (http://csrc.nist.gov/cc/Documents/CC%20v2.1%20-%20HTML/PART3/PART36.HTM)
  • Hardened Gentoo (http://hardened.gentoo.org/)
  • Immunix (http://www.immunix.org/)
  • Linux Kernel Archive (http://www.kernel.org/)
  • OpenBSD (http://openbsd.org/)
  • TrustedBSD (http://www.trustedbsd.org/)
  • Trusted Solaris (http://wwws.sun.com/software/solaris/trustedsolaris/)

  Results from FactBites:
Computer security - Wikipedia, the free encyclopedia (2082 words)
The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up.
Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network.
Computer security is a highly complex field, and it is relatively immature, except on certain very secure systems that never make it into the news media because nothing ever goes wrong that can be publicized, and for which there is not much literature because the security details are proprietary.
Computer security (1178 words)
Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) cannot perform actionss that they are not allowed to perform, but can perform the actions that they are allowed to.
In the case of a computer system sequestered in a vault without any means of power or communication, the term 'secure' is applied in a pejorative sense only.
It is also important to distinguish the techniques employed to increase a system's security from the issue of that system's security status.
  More results at FactBites »



Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m