Operating system security

open-source software for deploying and running of containerized applications

' is a shell command for changing access permissions and special mode flags of files (including special files such as directories). The name is short for change mod'e where mode refers to the permissions and flags collectively.

thumb|367x367px|List of user groups as displayed in Arch Linux. Here, the superuser is "root".

' , short for change own'er, is a shell command for changing the owning user of Unix-based file system files including special files such as directories.

software security mechanism

', short for change group', is a shell command for changing the group associated with a Unix-based file system file including special files such as directories. Changing the group of a file is restricted to a super-user (such as via ) or to the file's owning user if the user is in the specified group.

GrapheneOS is a free and open-source, privacy- and security-focused, Android-based operating system for Google Pixel and future Motorola devices. GrapheneOS is built on the Android Open Source Project. It focuses on researching and improving the privacy and security of Android. GrapheneOS is developed by the GrapheneOS Foundation, a Canadian nonprofit corporation.

process to gain control of computer privileges that are not allowed to a user or application by default

method for creating isolated software execution environments, provided by some operating system kernels

Linux distribution

type of access control

NixOS is a Linux distribution built around the Nix package manager. Unlike traditional Linux distributions, NixOS is configured using a functional language that describes the system configuration. It generates complete system profiles, enabling reproducible deployments, atomic upgrades, and system rollbacks.

Linux Containers (LXC) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

free software version of Android

OpenVZ (Open Virtuozzo) is an operating system-level virtualization technology for Linux. It allows a physical server to run multiple isolated operating system instances, supporting containerization, virtual private servers (VPSs) and virtual environments (VEs). OpenVZ is similar to Solaris Containers and LXC.

technology used in CPUs

Whonix (, ) is an anonymity focused Linux distribution.

computer security technique

framework that allows the Linux kernel to support a variety of computer security models

cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, etc.) of a collection of processes.

computing term; delegation of authority to perform security-relevant functions on a computer system

standard security product included in the z/OS operating system

term

Genode is a novel OS architecture that aims to improve software safety by applying a strict organizational structure to all software components including device drivers, system services, and applications.

Project aiming to reduce the risk of attacks on Linux systems

application programming interface

operating systems, that are focused on anonymous, privacy and security

W^X (write xor execute, pronounced W xor X) is a security policy in operating systems and software frameworks. It implements executable space protection by ensuring every memory page (a fixed-size block in a program’s virtual address space, the memory layout it uses) is either writable or executable, but not both. Without such protection, a program can write (as data "W") CPU instructions in an area of memory intended for data and then run (as executable "X"; or read-execute "RX") those instructions. This can be dangerous if the writer of the memory is malicious.

feature of the Linux kernel that partitions resources

In computing, runas (a compound word, from “run as”) is a command in the Microsoft Windows line of operating systems that allows a user to run specific tools and programs under a different username to the one that was used to logon to a computer interactively. It is similar to the Unix commands sudo and su, but the Unix commands generally require prior configuration by the system administrator to work for a particular user and/or command.

ssh-keygen is a standard component of the Secure Shell (SSH) protocol suite found on Unix, Unix-like and Microsoft Windows computer systems used to establish secure shell sessions between remote computers over insecure networks, through the use of various cryptographic techniques. The ssh-keygen utility is used to generate, manage, and convert authentication keys.

concept in computer security

Linux distribution

Apptainer (formerly Singularity) is a free and open-source computer program that performs operating system-level virtualization also known as containerization.