Subgraph OS is a Linux distribution designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. It is based on Debian. The operating system has been mentioned by Edward Snowden as showing future potential.
Subgraph OS is designed to be locked down, with features that aim to reduce the attack surface of the operating system and increase the difficulty of carrying out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through deterministic compilation.
Features
Some of Subgraph OS's notable features include:
* Linux kernel hardened with the grsecurity and PaX patchset.
* Linux namespaces and xpra for application containment.
* Mandatory file system encryption during installation, using LUKS.
* Resistance to cold boot attacks.
* Configurable firewall rules to automatically ensure that network connections for installed applications are made using the Tor anonymity network. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
* GNOME Shell integration for the OZ virtualization client, which runs apps inside a secure Linux container, targeting ease-of-use by everyday users.
Security
The security of Subgraph OS (which uses sandbox containers) has been questioned in comparison to Qubes (which uses virtualization), another security-focused operating system. An attacker can trick a Subgraph user into running a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal. It is also possible to run malicious code containing .desktop files (which are used to launch applications). Malware can also bypass Subgraph OS's application firewall. Also, by design, Subgraph does not isolate the network stack as Qubes OS does.
See also
* Tails (operating system)
* Qubes OS