CLIP OS: an operating system from the French Cybersecurity Agency

Isaac

2 minutes

French Cybersecurity Agency Logo

La French National Cybersecurity Agency (ANSSI) is the protagonist of our news, and it is that it has decided to open its CLIP OS operating system, so the whole community will be able to nourish itself from it and also contribute to this interesting project that has a lot to do with the security that is needed to satisfy the specific needs of the French administration as required from the Gallic country.

CLIP OS is a Linux-based operating system where issues relevant to security have been pampered a lot. It has code maintained and led by ANSSI developers, although most of the code in this project is known because it is the Linux kernel code itself that the system uses, the GNU project's collection of tools, etc., that is, basically as any other Linux distribution that any of us use, but with a good hardening job behind it ...

As we have learned, the CLIP OS operating system is the internal development result of more than 10 years and is based on the Gentoo Hardened distribution of which we have spoken at some point in this blog. For those who do not know it, it is nothing more than a Gentoo distro with an emphasis on security, so it has interesting changes to improve it compared to a normal Gentoo. Also, CLIP OS has many similarities to Google Chromium OS or the Yocto project (a custom embedded distro).

CLIP OS has a series of very interesting security mechanisms, such as a isolation environment ("partition") so that users can simultaneously process public and confidential information within two totally isolated software environments ("cages"), thus avoiding the risk of sensitive information being leaked onto a public network. The cage runtime is isolated from the kernel and other cages. Interaction between parts is possible, but the interaction between a cage and the core is carefully controlled. While cage-to-cage interaction is forbidden directly, it can only be mediated by kernel services.

If you want to access the versions that ANSSI has released you can access the version 4 (stable) and the 5 (alpha in development).


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.