The CLIP OS project is an open source project maintained by the National Cybersecurity Agency of France (ANSSI) that aims to build a hardened, multi-level operating system, based on the Linux kernel and a lot of free and open source software.
Initially developed to answer the security requirements of French administrations, the previous versions of CLIP OS were not publicly available.
Since September 2018, the project sources are published and the project is open to contributions. Here is the list of the elements published:
- The source code and documentation (in French) of CLIP OS version 4. This source archive is made available as a reference for upstream patches contribution and future developments.
- The source code and documentation (in English) of CLIP OS version 5. This is the current and actively developed version of the project which is considered to be in alpha status.
The CLIP OS project is based on more than ten years of internal development at ANSSI to build a hardened operating system.
Here is a list of security properties that are not easy to obtain in currently available operating systems:
- Multi-level support to handle information at multiple confidentiality levels.
- Restricted administrator access in production: an administrator should not be able to compromise a system deployed in production nor access user data.
- Fully automated and unattended builds from the source of the system images.
- Deep environment integration opportunities.
Differences with Qubes OS?
Even though the CLIP OS and Qubes OS projects have a lot of similar objectives, they differ in practice on several topics:
- The main mechanism for environment isolation is different:
- CLIP OS leverages Linux kernel primitives to create containers with the help of additional features brought by Vserver, Linux kernel hardening (security for version 4) and a tailored Linux Security Module (LSM). This approach enables a fine-grained control on the data exchanges between isolated environments (e.g., handling a notion of files, processes, and sockets) and permissions (e.g., restriction to ring 3 features for malicious code, limitation on the allowed system calls).
- Qubes OS leverages hardware-based virtualization with a hypervisor (Xen), and a main virtual machine (dom0) which is a GNU/Linux system with services handling data exchange between virtual machines.
- Administrators have different roles and powers:
- Administrators on a CLIP OS system are not able to compromise system integrity or access user data. They can only access a restricted set of configuration options.
- On Qubes OS systems, the main user of each virtual machine is also the administrator of its own environment. The system administrator of the main domain (dom0) can change all the configuration options and may access all user data without any restriction.
Just like the Gentoo project, CLIP OS is mostly available as source code that you need to process to create a system image. For now, there is no pre-packaged version of CLIP OS 5 made available. The documentation contains all the instructions to enable you to build your own version of CLIP OS 5.
The current official and only name of the project is “CLIP OS”.
The National Cybersecurity Agency of France (ANSSI) is the French authority in the area of cyber defense and network and information security (NIS). To fulfill its missions, ANSSI deploys a broad range of regulatory and operational activities, from issuing regulations and verifying their application, to monitoring, alert and rapid response – particularly on government networks.
What we seek to promote
ANSSI provides its expertise and technical assistance to government departments and businesses and plays an enhanced role in supporting operators of vital importance.
It is responsible for promoting technologies, trustworthy products, and services, systems and know-how both to experts and to the general public. It, therefore, plays a role in developing trust in the use of digital technologies.
We at AppsForMyPC have tested and used CLIP OS and it worked pretty smoothly 🙂 🙂