This is a NAVAL POSTGRADUATE SCHOOL MONTEREY CA report procured by the Pentagon and made available for public release. It has been reproduced in the best form available to the Pentagon. It is not spiral-bound, but rather assembled with Velobinding in a soft, white linen cover. The Storming Media report number is A525304. The abstract provided by the Pentagon follows: Security engineering requires a combination of features and assurance to provide confidence that security policy is correctly enforced. Rigorous engineering principles are applicable across a broad range of systems. The purpose of this study is to analyze and compare three operating systems, including two general-purpose operating systems (Linux and OpenBSD) and a commercially available, embedded operating system (Talisker). The basis for the comparison considers secure software design principles, such as information hiding, hierarchical structuring, and modularity, as well as software complexity metrics, such as the McCabe Cyclomatic Complexity and the number-of-lines-of- code. In this analysis, we use a reverse engineering tool to show how the three operating systems compare to each other with respect to the qualities of a secure operating system design. The operating systems, their kernels, and their scheduling subsystems are analyzed and compared. From the results, it is shown that the OpenBSD operating system, kernel, and scheduler are the best when considering hierarchical structuring, modularity, and information hiding. The Linux kernel and scheduler and the Talisker operating system are least complex when considering the McCabe complexity and the number-of-lines-of-code.