Related Research Articles
A Linux distribution is an operating system that includes the Linux kernel for its kernel functionality. Although the name does not imply product distribution per se, a distro, if distributed on its own, is often obtained via a website intended specifically for the purpose. Distros have been designed for a wide variety of systems ranging from personal computers to servers and from embedded devices to supercomputers.
Xen is a free and open-source type-1 hypervisor, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently. It was originally developed by the University of Cambridge Computer Laboratory and is now being developed by the Linux Foundation with support from Intel, Citrix, Arm Ltd, Huawei, AWS, Alibaba Cloud, AMD, Bitdefender and EPAM Systems.
In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The sandbox metaphor derives from the concept of a child's sandbox—a play area where children can build, destroy, and experiment without causing any real-world damage. It is often used to kill untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.
seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit , sigreturn , read and write to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
OS-level virtualization is an operating system (OS) virtualization paradigm in which the kernel allows the existence of multiple isolated user space instances, including containers, zones, virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels, and jails. Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources of that computer. Programs running inside a container can only see the container's contents and devices assigned to the container.
The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."
There are a number of Unix-like operating systems based on or descended from the Berkeley Software Distribution (BSD) series of Unix variant options. The three most notable descendants in current use are FreeBSD, OpenBSD, and NetBSD, which are all derived from 386BSD and 4.4BSD-Lite, by various routes. Both NetBSD and FreeBSD started life in 1993, initially derived from 386BSD, but in 1994 migrated to a 4.4BSD-Lite code base. OpenBSD was forked from NetBSD in 1995. Other notable derivatives include DragonFly BSD, which was forked from FreeBSD 4.8.
Kernel-based Virtual Machine (KVM) is a free and open-source virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It was merged into the mainline Linux kernel in version 2.6.20, which was released on February 5, 2007. KVM requires a processor with hardware virtualization extensions, such as Intel VT or AMD-V. KVM has also been ported to other operating systems such as FreeBSD and illumos in the form of loadable kernel modules.
Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.
Alpine Linux is a Linux distribution designed to be small, simple, and secure. It uses musl, BusyBox, and OpenRC instead of the more commonly used glibc, GNU Core Utilities, and systemd. This makes Alpine one of few Linux distributions not to be based on the GNU Core Utilities or glibc.
Tails, or "The Amnesic Incognito Live System", is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity against surveillance. It connects to the Internet exclusively through the anonymity network Tor. The system is designed to be booted as a live DVD or live USB and never writes to the hard drive or SSD, leaving no digital footprint on the machine unless explicitly told to do so. It can also be run as a virtual machine, with some additional security risks.
Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines called qubes. Virtualization services in Qubes OS are provided by the Xen hypervisor.
Whonix is a Linux distribution, based on Kicksecure OS, claimed to be security hardened by its developers.
Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. It has been mentioned by Edward Snowden as showing future potential.
Genode is a free and open-source software operating system (OS) framework consisting of a microkernel abstraction layer and a set of user space components. The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security-oriented OS.
A virtual kernel architecture (vkernel) is an operating system virtualisation paradigm where kernel code can be compiled to run in the user space, for example, to ease debugging of various kernel-level components, in addition to general-purpose virtualisation and compartmentalisation of system resources. It is used by DragonFly BSD in its vkernel implementation since DragonFly 1.7, having been first revealed in September 2006, and first released in the stable branch with DragonFly 1.8 in January 2007.
signify is a free and open source tool developed by OpenBSD to generate and verify signatures.
Linux Kodachi is a derivative of Ubuntu 18.04.6 focused on computer security, countering forensics and enabling anonymous browsing with minimized command-line usage designed by Warith Al Maawali. It is a Live distribution and can be operated directly from a USB drive or DVD, but can be installed on any compatible drive if needed.
References
- ↑ Vervloesem, Koen (27 April 2011). "The Amnesic Incognito Live System: A live CD for anonymity [LWN.net]". lwn.net. Archived from the original on 21 August 2017. Retrieved 14 June 2017.
- ↑ "Devs cook up 'leakproof' all-Tor untrackable platform". The Register. 13 November 2012. Retrieved 10 July 2014.
- ↑ Greenburg, Andy (17 June 2014). "How to Anonymize Everything You Do Online". Wired. Retrieved 10 July 2014.
- ↑ "Whonix adds a layer of anonymity to your business tasks". TechRepublic. 4 January 2013. Retrieved 10 July 2014.
- ↑ Choudhury, Ambika (4 June 2019). "10 Most Secured Linux Distros For Advanced Privacy & Security". AIM. Retrieved 1 November 2024.
- ↑ "about | Alpine Linux". alpinelinux.org.
- ↑ says, GigaTux (24 August 2010). "Alpine Linux 2 review | LinuxBSDos.com".
- ↑ OpenBSD Project (19 May 2020). "OpenBSD". OpenBSD.org. Retrieved 12 October 2020.
- ↑ "Qubes OS bakes in virty system-level security". The Register. 5 September 2012.
