Security-focused operating system

Last updated November 02, 2023

This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

Linux

Android-based

CalyxOS is designed for privacy, security, and accessibility.^[1]
DivestOS is a fork of LineageOS that aims to increase privacy and security.
GrapheneOS is a privacy and security-focused mobile operating system for selected Google Pixel smartphones and tablets.
Kali NetHunter is a mobile penetration testing platform based on Kali Linux.^[2]

Arch-based

BlackArch is a penetration testing distribution that provides a large number of security tools.

Debian-based

Kali Linux is designed for digital forensics and penetration testing.^[3]
Parrot OS Security Edition is designed for penetration testing, vulnerability assessment and mitigation, computer forensics, and anonymous web browsing.^[4]
Tails is aimed at preserving privacy and anonymity.^[5]
Whonix consists of two virtual machines. All communications are forced through Tor.^[6]^[7]^[8]

Gentoo-based

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment.^[9]^[10]^[11]^[12]

Other Linux distributions

Alpine Linux is designed to be small, simple, and secure.^[13] It uses musl, BusyBox, and OpenRC instead of the more commonly used glibc, GNU Core Utilities, and systemd.^[14]
Fedora Silverblue is an immutable desktop operating system. Every Silverblue installation is identical to every other installation of the same version, and it never changes as it is used.^[15]

BSD

OpenBSD is a Unix-like operating system that emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.^[16]

Xen

Qubes OS aims to provide security through isolation.^[17] Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines.

Related Research Articles

A Linux distribution is an operating system made from a software collection that includes the Linux kernel, and often a package management system. Linux users usually obtain their operating system by downloading one of the Linux distributions, which are available for a wide variety of systems ranging from embedded devices and personal computers to powerful supercomputers.

Free and Open source Software Developers' European Meeting (FOSDEM) is a non-commercial, volunteer-organized European event centered on free and open-source software development. It is aimed at developers and anyone interested in the free and open-source software movement. It aims to enable developers to meet and to promote the awareness and use of free and open-source software.

Technical variations of Linux distributions include support for different hardware devices and systems or software package configurations. Organizational differences may be motivated by historical reasons. Other criteria include security, including how quickly security upgrades are available; ease of package management; and number of packages available.

Kernel-based Virtual Machine (KVM) is a free and open-source virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It was merged into the mainline Linux kernel in version 2.6.20, which was released on February 5, 2007. KVM requires a processor with hardware virtualization extensions, such as Intel VT or AMD-V. KVM has also been ported to other operating systems such as FreeBSD and illumos in the form of loadable kernel modules.

Fedora Linux is a Linux distribution developed by the Fedora Project. It was originally developed in 2003 as a continuation of the Red Hat Linux project. It contains software distributed under various free and open-source licenses and aims to be on the leading edge of open-source technologies. It is now the upstream source for CentOS Stream and Red Hat Enterprise Linux.

Alpine Linux is a Linux distribution designed to be small, simple, and secure. It uses musl, BusyBox, and OpenRC instead of the more commonly used glibc, GNU Core Utilities, and systemd.

Tails, or "The Amnesic Incognito Live System," is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. It connects to the Internet exclusively through the anonymity network Tor. The system is designed to be booted as a live DVD or live USB and never writes to the hard drive or SSD, leaving no digital footprint on the machine unless explicitly told to do so. It can also be run as a virtual machine, with some additional security risks. The Tor Project provided financial support for its development in the beginnings of the project, and continues to do so alongside numerous corporate and anonymous sponsors.

BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing.

Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines called qubes. Virtualization services in Qubes OS are provided by the Xen hypervisor.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security.

Whonix is a Kicksecure-based security hardened Linux distribution. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a workstation and a Tor gateway running Debian. All communications are forced through Tor.

Besides the Linux distributions designed for general-purpose use on desktops and servers, distributions may be specialized for different purposes including computer architecture support, embedded systems, stability, security, localization to a specific region or language, targeting of specific user groups, support for real-time applications, or commitment to a given desktop environment. Furthermore, some distributions deliberately include only free software. As of 2015, over four hundred Linux distributions are actively developed, with about a dozen distributions being most popular for general-purpose use.

<span class="mw-page-title-main">Parrot OS</span> Debian-based Linux distribution

Parrot OS is a Linux distribution based on Debian with a focus on security, privacy, and development.

Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. It has been mentioned by Edward Snowden as showing future potential.

Container Linux is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure for clustered deployments while focusing on automation, ease of application deployment, security, reliability, and scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.

CalyxOS is an operating system for smartphones based on Android with mostly free and open-source software. It is produced by the Calyx Institute as part of its mission to "defend online privacy, security and accessibility."

References

↑ "About The Calyx Institute - Calyx Institute". calyxinstitute.org. Retrieved 2 November 2021.
↑ "Kali NetHunter Documentation". Kali Linux Documentation. Retrieved 5 April 2020.
↑
- "Kali Linux 1.0 review". LinuxBSDos.com. 14 March 2013. Retrieved 26 November 2019.
- Simionato, Lorenzo (24 April 2007). "Review: BackTrack 2 security live CD". Linux.com. Retrieved 10 April 2019.
- Barr, Joe (13 June 2008). "Test your environment's security with BackTrack". Linux.com. Retrieved 10 April 2019.
- "BackTrack 4 - Hacking galore". Dedoimedo.com. 15 May 2009. Retrieved 10 April 2019.
- "BackTrack 5 R3 review". LinuxBSDos.com. 17 August 2012. Retrieved 10 April 2019.
↑ "Parrot Security Could Be Your Next Security Tool". Linux.com | The source for Linux information. 2 December 2016. Retrieved 9 March 2018.
↑ Vervloesem, Koen (27 April 2011). "The Amnesic Incognito Live System: A live CD for anonymity [LWN.net]". lwn.net. Archived from the original on 21 August 2017. Retrieved 14 June 2017.
↑ "Devs cook up 'leakproof' all-Tor untrackable platform". The Register. 13 November 2012. Retrieved 10 July 2014.
↑ Greenburg, Andy (17 June 2014). "How to Anonymize Everything You Do Online". Wired. Retrieved 10 July 2014.
↑ "Whonix adds a layer of anonymity to your business tasks". TechRepublic. 4 January 2013. Retrieved 10 July 2014.
↑ Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour, TecMint.
↑ KITE Introduces a New Secured FOSS Based Operating System
↑ A Look at Pentoo Linux and Its Security Analysis Tools, eWeek
↑ 12 Best Operating Systems For Ethical Hacking And Penetration Testing | 2018 Edition
↑ "about | Alpine Linux". alpinelinux.org.
↑ says, GigaTux (24 August 2010). "Alpine Linux 2 review | LinuxBSDos.com".
↑ "Fedora Silverblue User Guide :: Fedora Docs". docs.fedoraproject.org. Archived from the original on 11 October 2021. Retrieved 11 October 2021.
↑ OpenBSD Project (19 May 2020). "OpenBSD". OpenBSD.org. Retrieved 12 October 2020.
↑ "Qubes OS bakes in virty system-level security". The Register. 5 September 2012.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "About The Calyx Institute - Calyx Institute". calyxinstitute.org. Retrieved 2 November 2021.

[2] "Kali NetHunter Documentation". Kali Linux Documentation. Retrieved 5 April 2020.

[3] 
"Kali Linux 1.0 review". LinuxBSDos.com. 14 March 2013. Retrieved 26 November 2019.
Simionato, Lorenzo (24 April 2007). "Review: BackTrack 2 security live CD". Linux.com. Retrieved 10 April 2019.
Barr, Joe (13 June 2008). "Test your environment's security with BackTrack". Linux.com. Retrieved 10 April 2019.
"BackTrack 4 - Hacking galore". Dedoimedo.com. 15 May 2009. Retrieved 10 April 2019.
"BackTrack 5 R3 review". LinuxBSDos.com. 17 August 2012. Retrieved 10 April 2019.

[mwrQ] "Kali Linux 1.0 review". LinuxBSDos.com. 14 March 2013. Retrieved 26 November 2019.

[mwtQ] Simionato, Lorenzo (24 April 2007). "Review: BackTrack 2 security live CD". Linux.com. Retrieved 10 April 2019.

[mwvA] Barr, Joe (13 June 2008). "Test your environment's security with BackTrack". Linux.com. Retrieved 10 April 2019.

[mwww] "BackTrack 4 - Hacking galore". Dedoimedo.com. 15 May 2009. Retrieved 10 April 2019.

[mwyw] "BackTrack 5 R3 review". LinuxBSDos.com. 17 August 2012. Retrieved 10 April 2019.

[4] "Parrot Security Could Be Your Next Security Tool". Linux.com | The source for Linux information. 2 December 2016. Retrieved 9 March 2018.

[5] Vervloesem, Koen (27 April 2011). "The Amnesic Incognito Live System: A live CD for anonymity [LWN.net]". lwn.net. Archived from the original on 21 August 2017. Retrieved 14 June 2017.

[6] "Devs cook up 'leakproof' all-Tor untrackable platform". The Register. 13 November 2012. Retrieved 10 July 2014.

[7] Greenburg, Andy (17 June 2014). "How to Anonymize Everything You Do Online". Wired. Retrieved 10 July 2014.

[8] "Whonix adds a layer of anonymity to your business tasks". TechRepublic. 4 January 2013. Retrieved 10 July 2014.

[tecmint1-9] Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour, TecMint.

[itsfoss1-10] KITE Introduces a New Secured FOSS Based Operating System

[eweek1-11] A Look at Pentoo Linux and Its Security Analysis Tools, eWeek

[fossbytes1-12] 12 Best Operating Systems For Ethical Hacking And Penetration Testing | 2018 Edition

[about-13] "about | Alpine Linux". alpinelinux.org.

[linuxbsdos-14] says, GigaTux (24 August 2010). "Alpine Linux 2 review | LinuxBSDos.com".

[15] "Fedora Silverblue User Guide :: Fedora Docs". docs.fedoraproject.org. Archived from the original on 11 October 2021. Retrieved 11 October 2021.

[16] OpenBSD Project (19 May 2020). "OpenBSD". OpenBSD.org. Retrieved 12 October 2020.

[17] "Qubes OS bakes in virty system-level security". The Register. 5 September 2012.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

v t e Information Security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks Cryptojacking malware Botnets Data breach Drive-by download Browser helper objects Viruses Data scraping Denial of service Eavesdropping Email fraud Email spoofing Exploits Hacktivism Keyloggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Polymorphic engine Privilege escalation Ransomware Rootkits Bootkits Scareware Shellcode Spamming Social engineering Screen scraping Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Code obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection