Subgraph OS (alpha)

Post by MrNiitriiX »

SOURCE

https://subgraph.com/sgos/index.en.html
Subgraph OS: Adversary resistant computing platform
Subgraph believes that the best way to empower people to communicate and live freely is to develop technology that is secure, free, open-source, and verifiably trustworthy. Subgraph OS is an important part of that vision. The Internet is a hostile environment, and recent revelations have made it more apparent than ever before that risk to everyday users extends beyond the need to secure the network transport - the endpoint is also at risk. Subgraph OS was designed from the ground up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network-borne attacks. Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on the integrity of installable software packages.

Hardened
  • Hardened Computing Platform - Mitigations are effective at making it more expensive to reliably exploit many classes of vulnerabilities. One of the primary goals of Subgraph OS is to increase the cost of successful attacks against users through a defense-in-depth strategy. Therefore Subgraph OS includes mitigation features to help accomplish this objective. Some of them are outlined below.
  • Kernel Hardened with Grsecurity/PaX - Subgraph OS ships with a kernel hardened with Grsecurity, the best set of Linux kernel security enhancements available. Grsecurity includes PaX, a set of patches to make both the userland and the kernel more resistant to exploitation of memory corruption vulnerabilities. Other Grsecurity enhancements strengthen local access control and provide a more secure environment for application containment.
  • Container Isolation - Subgraph OS's application containment mechanism creates sandboxes around at-risk applications, such as the browser, email client, PDF viewer, and IM client. The objective of this is to contain the impact of a successful attack against these applications, preventing compromise of the entire system. Each application within a container has a limited view of the host system and limited set of capabilities such as limiting access to the file system or the network. Strengthening the level of isolation that Subgraph OS can provide will be an ongoing area of research focus.
  • Application Network Policy - Subgraph OS includes features to enforce application network policies such as Subgraph Metaproxy and the application firewall.

    Metaproxy is configured to redirect outgoing connections to the Tor network based on a white-list of approved applications. Each application is automatically relayed through a proxy that will use a different Tor circuit. This will help ensure that, for example, the instant messaging client and web browser are not passing over the same Tor circuit, which could undermine the anonymity provided by Tor.

    The application firewall will restrict which applications can connect to the network based on the name of the application or the destination. Users will be prompted to set temporary or permanent policies as outgoing connections are made. This can help prevent malicious code from making unauthorized outgoing connections to phone home.
  • Mandatory Filesystem Encryption - Subgraph OS users who install the operating system must have encrypted filesystems. It is not optional in Subgraph OS.

    Encrypted filesystems help to prevent certain types of attacks by an adversary with physical access to the computer.
  • Secure Runtimes - Subgraph believes that managed runtimes and memory-safe languages should be used where possible. For this reason, CoyIM, the Metaproxy, and other components of the Subgraph OS are written in higher level languages that are memory-safe or run in managed runtimes, making them less susceptible to memory corruption style implementation vulnerabilities. This is done with the intent of reducing entire avenues of attack against these applications.
  • Package Security - Subgraph OS ships with a reduced set of packages to minimize the total attack surface. Subgraph OS identifies key applications that are especially high-risk and adds additional controls, such as containment. Additionally, certain applications, such as the email client, have been re-written from scratch by Subgraph.
  • Binary Integrity - Reducing the risk of installation of malicious or vulnerable packages is a long term priority for Subgraph. Subgraph is developing a deterministic build process for verifying the integrity of distributed binary packages. This will allow users to verify that the binary packages from our repositories have not been tampered with as the user can rebuild them from source on their computer and compare the results against our builds.
Anonymization
One of the design objectives of Subgraph OS is to create an endpoint that is resistant to user identification and tracking. Anonymization through the Tor onion routing network plays an important role in the Subgraph approach to accomplishing this.
  • Everything through Tor - By default policy, Subgraph OS will restrict the communication of applications so that they use the Tor network exclusively, obfuscating the endpoint's physical origin. Applications will be transparently redirected to connect through the Tor network via our Metaproxy application. Metaproxy will intercept outgoing connections and relay them through the correct proxy (SOCKS, HTTP, etc). Proxy configuration is managed within Metaproxy, allowing applications to transparently connect to the Tor network without having to configure each individual application to use a proxy.

    Exceptions to the "everything through Tor" policy will be made for specific use cases, such as accessing a captive portal on a public wi-fi network.
  • Application Network Policy - The policy that controls how and when applications can connect to external peers will be enforced in two different ways.

    Firstly, the Subgraph Metaproxy is configured to white-list allowed applications based on connection properties such as the name of the application and the destination port. Any connections that do not match the white-list will simply be dropped. Metaproxy is also configured to leverage Tor's stream isolation capabilities to ensure that two applications do not use the same Tor circuit. This will make it more difficult to correlate activities from different applications to the same pseudonym.

    Our second layer of network policy enforcement is the application firewall. The application firewall manages outgoing connections. When it sees a new connection that does not match an existing policy, it prompts the user to accept or deny the connection on a temporary or permanent basis. The user will be able to set policy based on the properties they wish to allow or deny, such as the destination of the connection or the name of the application that initiated the connection.
A Platform for Secure Communication
Subgraph OS was designed to enable secure communication, and key parts of a secure communications platform are the email and instant messaging clients. Subgraph includes Icedove and CoyIM for secure communication.
  • Icedove - Icedove is a GUI-based, modern desktop email client. Icedove supports IMAPS and can be used with your existing e-mail service provider. Icedove is based on Mozilla Thunderbird, with the Enigmail (PGP) and TorBirdy (anonymization) extensions configured to be used by default. Icedove runs under grsecurity, in the Oz sandbox, and over Tor by default.
  • CoyIM - Subgraph OS includes CoyIM, a new XMPP instant messenger client that has been written from scratch in a modern programming language resistant to memory corruption vulnerabilities. Like Icedove, CoyIM runs with grsecurity/PaX protections, is sandboxed with Oz, and connects over Tor by default.



THIS IS STILL IN ALPHA
SHA256 : 5c2ecd2173ae3d0074ca623a65400e2900fd7c1bcc0b3c9dbfb5b01210fc7b85

https://support.subgraph.com/sgos/alpha/subgraph-os-alpha_2016-03-11_1.iso

**EDITED TO ADD SOME SCREENSHOTS**
Last edited by MrNiitriiX on 10 May 2016, 09:27, edited 1 time in total.
"Injustice anywhere is a threat to justice everywhere." - Martin Luther King

Re: Subgraph OS (alpha)

Post by Akasha »

This OS sounds really interesting MrNiitriiX :ok:
I'm not experienced enough in Linux to try it since it's still in Alpha phase, but you never know, sometime in the future maybe :D

Re: Subgraph OS (alpha)

Post by MrNiitriiX »

Akasha » 11 May 2016, 02:50 wrote:
This OS sounds really interesting MrNiitriiX :ok:
I'm not experienced enough in Linux to try it since it's still in Alpha phase, but you never know, sometime in the future maybe :D

Don't be shy, give it a try :D
"Injustice anywhere is a threat to justice everywhere." - Martin Luther King

Re: Subgraph OS (alpha)

Post by Akasha »

I'm sure I will at some point, I like a little challenge ;)