• 欢迎访问速搜资源吧,如果在网站上找不到你需要的资源,可以在留言板上留言,管理员会尽量满足你!

【速搜问答】Subgraph是什么

问答 admin 1年前 (2020-09-08) 211次浏览 已收录 0个评论

汉英对照:
Chinese-English Translation:

Subgraph OS 是 Linux 发行版,旨在抵抗 Internet 上复杂的对手的监视和干扰。它基于 Debian Linux。其功能旨在减少操作系统的攻击面,并增加执行某些类型的攻击所需的难度。

Subgraph OS is a Linux distribution designed to resist surveillance and interference from complex adversaries on the Internet. It’s based on Debian Linux. Its function is to reduce the attack surface of the operating system and increase the difficulty of performing some types of attacks.

Subgraph OS 是 Linux 发行版,旨在抵抗 Internet 上复杂的对手的监视和干扰。它基于 Debian Linux。爱德华·斯诺登(Edward Snowden)提到该操作系统具有未来潜力。

Subgraph OS is a Linux distribution designed to resist surveillance and interference from complex adversaries on the Internet. It’s based on Debian Linux. Edward Snowden mentioned the future potential of the operating system.

Subgraph OS 被设计为锁定的,其功能旨在减少操作系统的攻击面,并增加执行某些类型的攻击所需的难度。这可以通过系统强化以及对安全性和抗攻击性的持续关注来实现。Subgraph OS 还强调通过确定性编译来确保已安装软件包的完整性。

Subgraph OS is designed to be locked, and its function is to reduce the attack surface of the operating system and increase the difficulty required to perform certain types of attacks. This can be achieved through system reinforcement and a constant focus on security and anti attack. Subgraph OS also emphasizes deterministic compilation to ensure the integrity of installed packages.

功能

function

Subgraph OS 的一些显着功能包括:

Some notable features of subgraph OS include:

Linux 内核通过 grsecurity 和 PaX 补丁集进行了加固。

The Linux kernel is reinforced by grsecurity and Pax patch sets.

Linux 名称空间和 xpra 用于应用程序包含。

Linux namespace and xpra are used for application inclusion.

使用 LUKS 在安装过程中强制进行文件系统加密。

Use luks to force file system encryption during installation.

抵抗冷启动攻击。

Resist cold start attacks.

可配置的防火墙规则可自动确保使用 Tor 匿名网络建立已安装应用程序的网络连接。默认设置可确保通过网络上的独立电路传输每个应用程序的通信。

Configurable firewall rules automatically ensure that network connections for installed applications are established using tor anonymous networks. The default settings ensure that each application’s communication is transmitted over a separate circuit on the network.

用于 OZ 虚拟化客户端的 GNOME Shell 集成,该应用程序在安全的 Linux 容器内运行应用程序,目标是使日常用户易于使用。

Gnome shell integration for oz virtualization clients, which runs applications in a secure Linux container, with the goal of making it easy for everyday users to use.

安全性

Security

与另一个专注于安全性的操作系统 Qubes(使用虚拟化)相比,Subgraph OS(使用沙箱容器)的安全性受到了质疑。攻击者可以通过操作系统的默认 Nautilus 文件管理器或在终端中诱使 Subgraph 用户运行恶意的未装箱脚本。也可能运行包含.desktop 文件(用于启动应用程序)的恶意代码。恶意软件还可以绕过 Subgraph OS 的应用程序防火墙。同样,通过设计,Subgraph 无法像 Qubes OS 一样隔离网络堆栈,也不能防止不良的 USB 攻击。

Compared with qubes (which uses virtualization), another security focused operating system, subgraph OS (which uses sandbox containers) is in question. Attackers can trick subgraph users into running malicious unboxed scripts via the operating system’s default Nautilus filer or in the terminal. It is also possible to run malicious code that contains. Desktop files that are used to start applications. Malware can also bypass the application firewall of subgraph OS. Similarly, by design, subgraph cannot isolate the network stack like qubes OS, nor can it prevent bad USB attacks.


速搜资源网 , 版权所有丨如未注明 , 均为原创丨转载请注明原文链接:【速搜问答】Subgraph是什么
喜欢 (0)
[361009623@qq.com]
分享 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址