Jump to content

Subgraph (operating system): Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
No edit summary
No edit summary
 
(20 intermediate revisions by 12 users not shown)
Line 1: Line 1:
{{Infobox OS
{{Infobox OS
| name = Subgraph OS
| name = Subgraph OS
| logo = Subgraph OS Logo.png
| logo = Subgraph OS Logo.png
| logo size = 186px
| logo size = 186px
| logo caption =
| logo caption =
| screenshot =
| screenshot =
| caption =
| developer =
| caption =
| family = [[Linux]] ([[Unix-like]])
| developer =
| released =
| family = [[Unix-like]]
| discontinued = yes
| released =
| latest preview date = {{Start date and age|2017|09|22|df=yes}}
| marketing target =
| repo = {{URL|https://github.com/orgs/subgraph/repositories}}
| userland = [[GNU]]
| marketing target =
| ui = [[GNOME|GNOME 3]]
| license = [[GPLv3|GPLv3+]]
| userland = [[GNU]]
| influenced by = [[Tails (operating system)|Tails]], [[Qubes OS]]
| website = {{URL|https://subgraph.com}}
| ui = [[GNOME|GNOME 3]]
| source_model = [[Open-source software|Open source]]
| license = [[GPLv3|GPLv3+]]
| working_state = Current (Possibly Abandoned??)
| website = {{URL|https://subgraph.com}}
| latest_release_version = 2017.09.22<ref>{{cite web|title=Subgraph OS September 2017 ISO Availability|url=https://subgraph.com/blog/subgraph-sep2017-iso-availability/|website=subgraph.com|accessdate=22 September 2017|language=en}}</ref>
| source_model = [[Open-source software|Open source]]
| latest_release_date = {{Start date and age|2017|09|22|df=yes}}
| working_state = Discontinued<ref>{{cite web | title=DistroWatch.com: Subgraph OS | website=DistroWatch.com | date=2023-01-30 | url=https://distrowatch.com/table.php?distribution=Subgraph | access-date=2023-10-13}}</ref>
| latest_test_version =
| latest preview version = 2017.09.22<ref>{{cite web|title=Subgraph OS September 2017 ISO Availability|url=https://subgraph.com/blog/subgraph-sep2017-iso-availability/|website=subgraph.com|accessdate=22 September 2017|language=en}}</ref>
| latest_test_date =
| latest_test_version =
| kernel_type = [[Monolithic kernel|Monolithic]] ([[Linux kernel|Linux]])
| latest_test_date =
| updatemodel =
| kernel_type = [[Monolithic kernel|Monolithic]] ([[Linux kernel|Linux]])
| preceded_by =
| updatemodel =
| succeeded_by =
| preceded_by =
| package_manager =
| succeeded_by =
| supported_platforms =
| package_manager =
| supported_platforms =
}}
}}


'''Subgraph OS''' is a [[Linux distribution]] designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.<ref>[https://www.linux.com/learn/intro-to-linux/2018/1/subgraph-security-focused-distro-malwares-worst-nightmare Subgraph: This Security-Focused Distro Is Malware's Worst Nightmare | Linux.com | The source of Linux information]</ref><ref>[https://distrowatch.com/weekly.php?issue=20170130#subgraph DistroWatch Weekly, Issue 697, 30 January 2017]</ref><ref>[https://www.techradar.com/news/best-linux-distro-privacy-security The best Linux distro for privacy and security in 2018 | TechRadar]</ref><ref>[https://www.wired.co.uk/article/subgraph-security-conscious-os Subgraph announces security conscious OS | WIRED UK]</ref><ref>[https://itsfoss.com/privacy-focused-linux-distributions/ Best Linux Distributions For Privacy Freaks | It's FOSS]</ref><ref>[https://lwn.net/Articles/679366/ Subgraph OS, a new security-centric desktop distribution &#91;LWN.net&#93;]</ref> It is based on [[Debian]]. The operating system has been mentioned by [[Edward Snowden]] as showing future potential.<ref>{{cite web|last1=Styles|first1=Kirsty|title=Subgraph will be Snowden’s OS of choice – but it’s not quite ready for humans yet|url=https://thenextweb.com/insider/2016/03/16/subgraph-os-will-snowdens-os-choice-not-quite-ready-humans/#gref|publisher=The Next Web|accessdate=7 July 2016}}</ref>
'''Subgraph OS''' was a [[Debian]]-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.<ref>{{cite web | title=Subgraph: This Security-Focused Distro Is Malware’s Worst Nightmare | website=Linux.com | date=2018-01-26 | url=https://www.linux.com/topic/desktop/subgraph-security-focused-distro-malwares-worst-nightmare/ | access-date=2023-10-13}}</ref><ref>{{cite web | title=DistroWatch.com: Put the fun back into computing. Use Linux, BSD. | website=DistroWatch.com | date=2017-01-30 | url=https://distrowatch.com/weekly.php?issue=20170130#subgraph | access-date=2023-10-13}}</ref><ref>{{Cite web|url=https://www.techradar.com/news/best-linux-distro-privacy-security|title=Best Linux distro for privacy and security of 2023|first=Mayank SharmaContributions from Brian Turner last|last=updated|date=May 9, 2022|website=TechRadar}}</ref><ref>{{Cite web|url=https://www.wired.co.uk/article/subgraph-security-conscious-os|title=Subgraph announces security conscious OS|via=www.wired.co.uk}}</ref><ref>{{Cite web|url=https://itsfoss.com/privacy-focused-linux-distributions/|title=Secure Your Online Privacy With These Linux Distributions|date=February 22, 2017|website=It's FOSS}}</ref><ref>{{Cite web|url=https://lwn.net/Articles/679366/|title=Subgraph OS, a new security-centric desktop distribution [LWN.net]|website=lwn.net}}</ref> It has been mentioned by [[Edward Snowden]] as showing future potential.<ref>{{cite web|last1=Styles|first1=Kirsty|title=Subgraph will be Snowden's OS of choice – but it's not quite ready for humans yet|date=16 March 2016|url=https://thenextweb.com/insider/2016/03/16/subgraph-os-will-snowdens-os-choice-not-quite-ready-humans/#gref|publisher=The Next Web|accessdate=7 July 2016}}</ref>


Subgraph OS is designed to be locked down and with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]].
Subgraph OS was designed to be locked down, with a reduced attack surface, to increase the difficulty to carry out certain classes of attack against it. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]].

The last update of the project's blog was in September 2017,<ref>{{Cite web |title=Subgraph - Blog |url=https://subgraph.com/blog/index.en.html |access-date=2023-08-03 |website=subgraph.com}}</ref> and all of its [[GitHub]] repositories haven't seen activity since 2020.<ref>{{Cite web |title=Subgraph |url=https://github.com/subgraph |access-date=2023-08-03 |website=GitHub |language=en}}</ref>


==Features==
==Features==
Some of Subgraph OS's notable features include:
Some of Subgraph OS's notable features included:
* [[Linux kernel]] hardened with the grsecurity and [[PaX]] patchset.{{citation needed|reason=Does it still have grsecurity and PaX now that they aren't publicly available or something else like a fork?|date=June 2017}}
* [[Linux kernel]] hardened with the grsecurity and [[PaX]] patchset.<ref>{{Cite web |title=Hardening |url=https://subgraph.com/sgos/hardening/index.en.html |access-date=2023-08-03 |website=subgraph.com}}</ref>
* [[Linux namespaces]] and [[xpra]] for application containment.
* [[Linux namespaces]] and [[xpra]] for application containment.
* Mandatory file system encryption during installation, using [[LUKS]].
* Mandatory file system encryption during installation using [[LUKS]].
* Resistance to [[cold boot attack|cold boot attacks]].
* Configurable firewall rules to automatically ensure that network connections for installed applications are made using the [[Tor (anonymity network)|Tor anonymity network]]. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
* Configurable firewall rules to automatically ensure that network connections for installed applications are made using the [[Tor (anonymity network)|Tor anonymity network]]. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
* [[GNOME Shell]] integration for the OZ virtualization client, which runs apps inside a secure Linux container, targeting ease-of-use by everyday users.<ref>{{cite web|title=GitHub - OZ: a sandboxing system targeting everyday workstation applications|url=https://github.com/subgraph/oz|publisher=Subgraph|accessdate=6 October 2016}}</ref>
* [[GNOME Shell]] integration for the OZ virtualization client,<ref>{{cite web | title=subgraph/oz: OZ: a sandboxing system targeting everyday workstation applications | website=GitHub | url=https://github.com/subgraph/oz | access-date=2023-10-13}}</ref> which runs apps inside a secure Linux container, targeting ease-of-use by everyday users.<ref>{{cite web|title=GitHub - OZ: a sandboxing system targeting everyday workstation applications|url=https://github.com/subgraph/oz|publisher=Subgraph|accessdate=6 October 2016}}</ref>


==Security==
==Security==
The security of Subgraph OS (which uses [[Sandbox (computer security)|sandbox containers]]) has been questioned in comparison to [[Qubes OS|Qubes]] (which uses [[Virtual machine|virtualization]]), another security focused operating system. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default [[GNOME Files|Nautilus]] file manager or in the terminal. It is also possible to run malicious code containing [[Shortcut (computing)#Unix|.desktop]] files (which are used to launch applications). Malware can also bypass Subgraph OS's [[application firewall]]. Also, by design, Subgraph cannot isolate the [[Protocol stack|network stack]] like Qubes OS or prevent [[Firmware#Security risks|bad USB]] exploits.<ref>{{Cite web|url=https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/|title=Breaking the Security Model of Subgraph OS {{!}} Micah Lee's Blog|website=micahflee.com|language=en-US|access-date=2017-04-25}}</ref>
The security of Subgraph OS (which uses [[Sandbox (computer security)|sandbox containers]]) has been questioned in comparison to [[Qubes OS|Qubes]] (which uses [[Virtual machine|virtualization]]), another security focused operating system. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default [[GNOME Files|Nautilus]] file manager or in the terminal. It is also possible to run malicious code containing [[Shortcut (computing)#Unix|.desktop]] files (which are used to launch applications). Malware can also bypass Subgraph OS's [[application firewall]]. Also, by design, Subgraph does not isolate the [[Protocol stack|network stack]] like Qubes OS.<ref>{{Cite web|url=https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/|title=Breaking the Security Model of Subgraph OS {{!}} Micah Lee's Blog|website=micahflee.com|language=en-US|access-date=2017-04-25}}</ref>


==See also==
==See also==

Latest revision as of 00:20, 30 October 2024

Subgraph OS
OS familyLinux (Unix-like)
Working stateDiscontinued[1]
Source modelOpen source
Final preview2017.09.22[2] / 22 September 2017; 7 years ago (2017-09-22)
Repositorygithub.com/orgs/subgraph/repositories
Kernel typeMonolithic (Linux)
UserlandGNU
Influenced byTails, Qubes OS
Default
user interface		GNOME 3
LicenseGPLv3+
Official websitesubgraph.com

Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.[3][4][5][6][7][8] It has been mentioned by Edward Snowden as showing future potential.[9]

Subgraph OS was designed to be locked down, with a reduced attack surface, to increase the difficulty to carry out certain classes of attack against it. This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through deterministic compilation.

The last update of the project's blog was in September 2017,[10] and all of its GitHub repositories haven't seen activity since 2020.[11]

Features

[edit]

Some of Subgraph OS's notable features included:

  • Linux kernel hardened with the grsecurity and PaX patchset.[12]
  • Linux namespaces and xpra for application containment.
  • Mandatory file system encryption during installation using LUKS.
  • Configurable firewall rules to automatically ensure that network connections for installed applications are made using the Tor anonymity network. Default settings ensure that each application's communication is transmitted via an independent circuit on the network.
  • GNOME Shell integration for the OZ virtualization client,[13] which runs apps inside a secure Linux container, targeting ease-of-use by everyday users.[14]

Security

[edit]

The security of Subgraph OS (which uses sandbox containers) has been questioned in comparison to Qubes (which uses virtualization), another security focused operating system. An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal. It is also possible to run malicious code containing .desktop files (which are used to launch applications). Malware can also bypass Subgraph OS's application firewall. Also, by design, Subgraph does not isolate the network stack like Qubes OS.[15]

See also

[edit]

References

[edit]
  1. ^ "DistroWatch.com: Subgraph OS". DistroWatch.com. 2023-01-30. Retrieved 2023-10-13.
  2. ^ "Subgraph OS September 2017 ISO Availability". subgraph.com. Retrieved 22 September 2017.
  3. ^ "Subgraph: This Security-Focused Distro Is Malware's Worst Nightmare". Linux.com. 2018-01-26. Retrieved 2023-10-13.
  4. ^ "DistroWatch.com: Put the fun back into computing. Use Linux, BSD". DistroWatch.com. 2017-01-30. Retrieved 2023-10-13.
  5. ^ updated, Mayank SharmaContributions from Brian Turner last (May 9, 2022). "Best Linux distro for privacy and security of 2023". TechRadar.
  6. ^ "Subgraph announces security conscious OS" – via www.wired.co.uk.
  7. ^ "Secure Your Online Privacy With These Linux Distributions". It's FOSS. February 22, 2017.
  8. ^ "Subgraph OS, a new security-centric desktop distribution [LWN.net]". lwn.net.
  9. ^ Styles, Kirsty (16 March 2016). "Subgraph will be Snowden's OS of choice – but it's not quite ready for humans yet". The Next Web. Retrieved 7 July 2016.
  10. ^ "Subgraph - Blog". subgraph.com. Retrieved 2023-08-03.
  11. ^ "Subgraph". GitHub. Retrieved 2023-08-03.
  12. ^ "Hardening". subgraph.com. Retrieved 2023-08-03.
  13. ^ "subgraph/oz: OZ: a sandboxing system targeting everyday workstation applications". GitHub. Retrieved 2023-10-13.
  14. ^ "GitHub - OZ: a sandboxing system targeting everyday workstation applications". Subgraph. Retrieved 6 October 2016.
  15. ^ "Breaking the Security Model of Subgraph OS | Micah Lee's Blog". micahflee.com. Retrieved 2017-04-25.
[edit]
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Subgraph_(operating_system)&oldid=1254224593"