Security-focused operating system

This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

Linux

Android-based

CalyxOS is designed for privacy, security, and accessibility.^[1]
DivestOS is a fork of LineageOS that aims to increase privacy and security.
GrapheneOS is a privacy and security-focused mobile operating system for selected Google Pixel smartphones.
Kali NetHunter is a mobile penetration testing platform based on Kali Linux.^[2]

Arch-based

BlackArch is a penetration testing distribution that provides a large number of security tools.

Debian-based

Kali Linux is designed for digital forensics and penetration testing.^[3]
Parrot OS Security Edition is designed for penetration testing, vulnerability assessment and mitigation, computer forensics, and anonymous web browsing.^[4]
Tails is aimed at preserving privacy and anonymity.^[5]
Whonix consists of two virtual machines. All communications are forced through Tor.^[6]^[7]^[8]

Gentoo-based

Pentoo is a Live CD and Live USB designed for penetration testing and security assessment.^[9]^[10]^[11]^[12]

Other Linux distributions

Alpine Linux is an actively maintained lightweight musl and BusyBox-based distribution. It uses PaX and grsecurity patches in the default kernel and compiles all packages with stack-smashing protection.
Fedora Silverblue is an immutable desktop operating system. Every Silverblue installation is identical to every other installation of the same version, and it never changes as it is used. The immutable design is intended to make the operating system more stable, less prone to bugs, easier to test and develop, and create a platform for containerized applications as well as container-based software development. Applications and containers are kept separate from the host system. OS updates are fast and there is no installation stage. With Silverblue, it is also possible to roll back to the previous version of the operating system, if something goes wrong.^[13]

BSD

OpenBSD is an open source BSD operating system that is known to be concerned heavily with security. The project has completed rigorous manual reviews of the code and addressed issues most systems have not. OpenBSD also supplies an executable space protection scheme known as W^X (memory is writable xor executable), as well as a ProPolice compiled executable base. OpenBSD became the first mainstream operating system to support partial ASLR and to activate it by default; ASLR support was completed in 2008 when it added support for position-independent executable (PIE) binaries.^[14]

Xen

Qubes OS is a desktop operating system based around the Xen hypervisor that allows grouping programs into a number of isolated sandboxes (virtual machines) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable, they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains^[15]

References

^ "About The Calyx Institute - Calyx Institute". calyxinstitute.org. Retrieved 2 November 2021.
^ "Kali NetHunter Documentation". Kali Linux Documentation. Retrieved 5 April 2020.
^
- "Kali Linux 1.0 review". LinuxBSDos.com. 14 March 2013. Retrieved 26 November 2019.
- Simionato, Lorenzo (24 April 2007). "Review: BackTrack 2 security live CD". Linux.com. Retrieved 10 April 2019.
- Barr, Joe (13 June 2008). "Test your environment's security with BackTrack". Linux.com. Retrieved 10 April 2019.
- "BackTrack 4 - Hacking galore". Dedoimedo.com. 15 May 2009. Retrieved 10 April 2019.
- "BackTrack 5 R3 review". LinuxBSDos.com. 17 August 2012. Retrieved 10 April 2019.
^ "Parrot Security Could Be Your Next Security Tool". Linux.com | The source for Linux information. 2 December 2016. Retrieved 9 March 2018.
^ Vervloesem, Koen (27 April 2011). "The Amnesic Incognito Live System: A live CD for anonymity [LWN.net]". lwn.net. Archived from the original on 21 August 2017. Retrieved 14 June 2017.
^ "Devs cook up 'leakproof' all-Tor untrackable platform". The Register. 13 November 2012. Retrieved 10 July 2014.
^ Greenburg, Andy (17 June 2014). "How to Anonymize Everything You Do Online". Wired. Retrieved 10 July 2014.
^ "Whonix adds a layer of anonymity to your business tasks". TechRepublic. 4 January 2013. Retrieved 10 July 2014.
^ Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour, TecMint.
^ KITE Introduces a New Secured FOSS Based Operating System
^ A Look at Pentoo Linux and Its Security Analysis Tools, eWeek
^ 12 Best Operating Systems For Ethical Hacking And Penetration Testing | 2018 Edition
^ "Fedora Silverblue User Guide :: Fedora Docs". docs.fedoraproject.org. Archived from the original on 11 October 2021. Retrieved 11 October 2021.
^ "Pledge() - A New Mitigation Mechanism". Retrieved 8 October 2018.
^ Porup, J.M. (14 February 2022). "Qubes OS: A reasonably secure operating system". Qubes OS. Archived from the original on 14 February 2022.

[1] "About The Calyx Institute - Calyx Institute". calyxinstitute.org. Retrieved 2 November 2021.

[2] "Kali NetHunter Documentation". Kali Linux Documentation. Retrieved 5 April 2020.

[3] 
"Kali Linux 1.0 review". LinuxBSDos.com. 14 March 2013. Retrieved 26 November 2019.

Simionato, Lorenzo (24 April 2007). "Review: BackTrack 2 security live CD". Linux.com. Retrieved 10 April 2019.

Barr, Joe (13 June 2008). "Test your environment's security with BackTrack". Linux.com. Retrieved 10 April 2019.

"BackTrack 4 - Hacking galore". Dedoimedo.com. 15 May 2009. Retrieved 10 April 2019.

"BackTrack 5 R3 review". LinuxBSDos.com. 17 August 2012. Retrieved 10 April 2019.

[4] "Kali Linux 1.0 review". LinuxBSDos.com. 14 March 2013. Retrieved 26 November 2019.

[5] Simionato, Lorenzo (24 April 2007). "Review: BackTrack 2 security live CD". Linux.com. Retrieved 10 April 2019.

[6] Barr, Joe (13 June 2008). "Test your environment's security with BackTrack". Linux.com. Retrieved 10 April 2019.

[7] "BackTrack 4 - Hacking galore". Dedoimedo.com. 15 May 2009. Retrieved 10 April 2019.

[8] "BackTrack 5 R3 review". LinuxBSDos.com. 17 August 2012. Retrieved 10 April 2019.

[4] "Parrot Security Could Be Your Next Security Tool". Linux.com | The source for Linux information. 2 December 2016. Retrieved 9 March 2018.

[5] Vervloesem, Koen (27 April 2011). "The Amnesic Incognito Live System: A live CD for anonymity [LWN.net]". lwn.net. Archived from the original on 21 August 2017. Retrieved 14 June 2017.

[6] "Devs cook up 'leakproof' all-Tor untrackable platform". The Register. 13 November 2012. Retrieved 10 July 2014.

[7] Greenburg, Andy (17 June 2014). "How to Anonymize Everything You Do Online". Wired. Retrieved 10 July 2014.

[8] "Whonix adds a layer of anonymity to your business tasks". TechRepublic. 4 January 2013. Retrieved 10 July 2014.

[tecmint1-9] Pentoo (Gentoo) Based Linux Review, Features and Screenshot Tour, TecMint.

[itsfoss1-10] KITE Introduces a New Secured FOSS Based Operating System

[eweek1-11] A Look at Pentoo Linux and Its Security Analysis Tools, eWeek

[fossbytes1-12] 12 Best Operating Systems For Ethical Hacking And Penetration Testing | 2018 Edition

[13] "Fedora Silverblue User Guide :: Fedora Docs". docs.fedoraproject.org. Archived from the original on 11 October 2021. Retrieved 11 October 2021.

[pledge-14] "Pledge() - A New Mitigation Mechanism". Retrieved 8 October 2018.

[Porup_2022-15] Porup, J.M. (14 February 2022). "Qubes OS: A reasonably secure operating system". Qubes OS. Archived from the original on 14 February 2022.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Software obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Information security management Information risk management Security information and event management (SIEM) Runtime application self-protection Site isolation