French cyber-security agency open-sources CLIP OS, a security hardened OS

CLIP OS 4 and CLIP OS 5 now available to everyone on GitHub, not just French cyber-spies.
Written by Catalin Cimpanu, Contributor

The National Cybersecurity Agency of France, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), has open-sourced CLIP OS, an in-house operating system its engineers had developed to address the needs of the French government administration.

In a press release, ANSSI described CLIP OS as a "Linux-based operating system [that] incorporates a set of security mechanisms that give it a very high level of resistance to malicious code and allow it to protect sensitive information."

The agency says CLIP OS uses a "partitioning mechanisms" that allows the OS to separate public and sensitive data into two "totally isolated" software environments.

Also: Windows 10 Enterprise customers will now get Linux-like support | Linux adds a code of conduct for programmers | Linus Torvalds takes a break from Linux | Even Linus Torvalds doesn't completely understand the Linux kernel | Google open-sources internal tool for finding font-related security bugs

ANSSI says the system can be deployed on both security gateways and workstations alike, although there is no "ready to use" version of CLIP OS for end-users and they might need to go through a build process to assemble the OS of their liking.

The agency says it's been working on CLIP OS internally for more than 10 years. ANSSI had previously revealed more details about CLIP OS' design at a security conference held in 2015, in Rennes, France.

CNET: This is not your father's Microsoft

The French cyber-security agency has released two versions of CLIP OS, version 4 and 5. Version 4 is the stable branch, but all documentation is available only in French, making it somewhat difficult to build for non-French users.

CLIP OS 5, released today, is the latest version, still at an alpha stage of development. This project's documentation is available in English, making it ideal for newcomers and external developers to jump in and contribute to the project right away.

ANSSI devs have also released 14 CLIP OS 4 modules, which they say "are interesting from a security point of view as they may be re-used outside of the CLIP OS project."

Some of these self-standing modules include a pluggable authentication module (PAM) to restrict user access based on their roles, a daemon handling user management tasks, a lighthweight TPM command-line tool, and various cryptography and encryption related libraries.

TechRepublic: How Amazon wants to use serverless apps to end human trafficking

Details on accessing the CLIP OS source code, documentation, and participating in future development are available on the official CLIP OS website.

The operating system's code and documentation are hosted via GitHub. The project has been open-sourced under the GNU Lesser General Public License v2.1.

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

Five computer security questions you must be able to answer right now

If you can't answer these basic questions, your security could be at risk.

Critical infrastructure will have to operate if there's malware on it or not

Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.

Ordinary Wi-Fi devices can be used to detect suspicious luggage, bombs, weapons

Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.

Related stories:

Editorial standards