The French Network and Information Security Agency (ANSSI) just declassified and released the sources of its long-time internal hardened Linux distribution: CLIP OS. The project’s main goal is to build an operating system able to handle confidential information at multiple levels.
This talk is focused on the CLIP OS architecture and the main security-relevant additions to the Linux kernel. As the project is now open source and day-to-day development realized in the open, more modifications will be suggested for inclusion in upstream projects. We are also revisiting some parts of the architecture and we discuss possible security evolutions we are interested in.
Mickaël Salaün and Timothée Ravier, ANSSI