At the core of any operating system is its kernel,  the basic software code that manages system resources and where all code between application and computer passes through. One can imagine that as this software is at the most basic level, it is a prime target for exploitation.

This disadvantage can be turned around, however; by introducing or imporving security measures at this level means that it can be an effctive barrier on all later levels. Many projects exist to do so:

• Security-Enhanced Linux from the NSA is built into common desktop Linux systems. Gaining popularity through the Fedora Project, SELinux is available for Linux, FreeBSD, OpenSolaris and Darwin (Mac OS).
• The Linux Intrusion Detection System (LIDS) is a patch applied on top of the Linux kernel and provides security through rule-based access control. It suppresses the all-access power of the super-user (root) while so limited damage can be done to the system. It also protects itself through a strong password authentication mechanism.
• RSBAC has been implemented in to the Linux kernel since 2000 and provides access control, similar to LIDS, along with other goodies.
• Finally (though I suspect many more exist) grsecurity is aimed at web servers or those that accept remote connections. Emphasis is placed on buffer overflows and other more low-level vulnerabilities.