This is a list of operating systems specifically focused on security. General-purpose operating systems may be secure in practice, without being specifically "security-focused".
Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.
- PrivatOS was a hardened proprietary operating system for Blackphone.
- Replicant is a FOSS operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts. It is available for several smartphones and tablet computers. In March 2014, the Replicant project announced the discovery of a backdoor present in a wide range of Samsung Galaxy products that allows the baseband processor to read and write the device's storage, sometimes with normal user privileges and sometimes as the root user, depending on device model. It is not generally known whether Samsung's proprietary firmware for the radio chip can be remotely instructed to use these access features and the intentions of creating such a backdoor.
- Subgraph is a Linux-based operating system designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through deterministic compilation. Subgraph OS features a kernel hardened with the Grsecurity and PaX patchset, Linux namespaces, and Xpra for application containment, mandatory file system encryption using LUKS, resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the Tor anonymity network.
- Tails is a security-focused Linux distribution aimed at preserving privacy and anonymity.
- Whonix is an anonymous general purpose operating system based on VirtualBox, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even Malware as Superuser can find out the user's real IP address/location. This is because Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, called Whonix-Gateway. The other machine, called Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.
- Qubes OS is a desktop operating system based around the Xen hypervisor that allows grouping programs into a number of isolated sandboxes (virtual machines) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable, they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains.
Other Linux distributions
- Alpine Linux is a lightweight musl and BusyBox-based distribution. It uses PaX and grsecurity patches in the default kernel and compiles all packages with stack-smashing protection. Version 3.8.1 was released 11 September 2018.
- Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC mandatory access control system. However, Annvix is dormant, with the last version being released on 30 December 2007.
- EnGarde Secure Linux is a secure platform designed for servers. It has had a browser-based tool for MAC using SELinux since 2003. Additionally, it can be accompanied with Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download.
- Immunix was a commercial distribution of Linux focused heavily on security. They supplied many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use. The Immunix distribution itself is licensed under two licenses: The Immunix commercial and non-commercial licenses. Many tools within are GPL, however; as is the kernel.
- Solar Designer's Openwall Project (Owl) was the first distribution to have a non-executable userspace stack, /tmp race condition protection, and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and supports Blowfish password encryption.