List of security-focused operating systems
From Wikipedia, the free encyclopedia
This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.
Linux
Android-based
- GrapheneOS is a Security-focused, Android-based mobile OS that uses a hardened kernel, C library, custom memory allocator (
hardened_malloc), and custom privacy and security focused Chromium based browser named Vanadium[1]. it also offers privacy/security features, such as Duress PIN/Password or disabling the USB-C port at a driver/hardware level to avoid exploitation. it enables multiple exploit mitigations such as memory tagging, secure app spawning, restricted dynamic code loading, and more.[2]
Debian-based
- Linux Kodachi is a security-focused operating system.[3]
- Tails is aimed at preserving privacy and anonymity.[4]
- KickSecure is a security-focused Linux distribution that aims to be "hardened by default". It uses network hardening, kernel hardening, Strong Linux User Account Isolation, better randomness, root access restrictions, and app-specific hardening.[5]
Other Linux distributions
- Alpine Linux is designed to be small, simple, and secure.[9] It uses musl, BusyBox, and OpenRC instead of the more commonly used glibc, GNU Core Utilities, and systemd.[10]
- Owl - Openwall GNU/Linux, a security-enhanced Linux distribution for servers.
- Secureblue, a Fedora Silverblue based distro that uses a hardened kernel, custom memory allocator (
hardened_malloc), Trivalent, a security-focused, Chromium-based browser inspired by Vanadium, and many other exploit mitigations.[11]
BSD
- OpenBSD is a Unix-like operating system that emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.[12]
Xen
- Qubes OS aims to provide security through isolation.[13] Isolation is provided through the use of virtualization technology. This allows the segmentation of applications into secure virtual machines.