SyncOS Revisions

SyncOS is remastered from Secure-K OS, a Debian Stretch Linux-based live USB operating system.

SyncOS revisions are summarized in the following, among other updates:

  • OS file system is encrypted to strengthen the protection, make it's harder to decipher its iso image file. The boot up procedure is therefore including a decryption procedure.
  • It attaches encrypted credential file and certificate in the USB drive. It adds certificate auditing procedure. So the same live USB OS can be used by different users using different Linux passwords. It allows administrator assigning and provisioning OS drive for mass end-users based on same OS image. Each end-user has own password and unique profile based on certificate attached.
  • It provides Linux/Debian edition SyncOffice suite applications. SyncOffice under SyncOS forms a perfect office application sandbox.
  • SyncOS also embeds a LXC container for email client applications. In addition to a.m. constraint measures, to add some flexibility, SyncOS support a pre-built LXC container OS for 3rd party applications. Under this Application Container LXC desktop OS, user works like in an ordinary/open OS. He can install and run his own applications without sandbox related limitations.
  • SyncOS' LXC architecture isolates the work places and protects documents and files. It guarantees that any files littered around by SyncOffice suite won't leak to other web access applications, including email client. Other applications are all constrained within its own LXC container, and have no chance to touch the SyncOffice saved files.
  • On boot up, once certificate initial audit passed, SyncOS will decipher the cloud parameters from attached credential file, automatically login to corporate cloud and map the cloud folder to a SyncOffice's local folder. This makes cloud access manageable, and avoids to handover those critical cloud passwords to every end-user's hand to let them do login.
  • After boot up, SyncOS disables USB and other media. Newly inserted USB device can be recognized, but access to it has been disabled. This is to ensure SyncOS works as a sandbox.

You can refer to the previous SyncOS introduction page for more information.