Harman Patil (Editor)

Subgraph (operating system)

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
OS family
  
Unix-like

Source model
  
Open source

Kernel type
  
Monolithic (Linux)

Working state
  
Current

Marketing target
  
Personal computers

Latest release
  
2016.12.30 / 30 December 2016; 2 months ago (2016-12-30)

Subgraph OS is a Linux distribution designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. It is based upon Debian Linux. The operating system has been endorsed by Edward Snowden.

Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through deterministic compilation.

Features

Some of Subgraph OS's notable features include:

  • Linux kernel hardened with the grsecurity and PaX patchset.
  • Linux namespaces and xpra for application containment.
  • Mandatory file system encryption during installation, using LUKS.
  • Resistance to cold boot attacks.
  • Configurable firewall rules to automatically ensure that network connections for installed applications are made using the Tor anonymity network. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
  • GNOME Shell integration for the OZ application-level sandbox, targeting ease-of-use by everyday users.

    • References

    Subgraph (operating system) Wikipedia
    (Text) CC BY-SA