# Security

Part of the design philosophy that drives my inspiration for Gila is the idea of creating a new, fast, and safe kernel with security as a central focus. Kernels such as Linux, Mach, and NT have been around for too long to work perfectly with today's system security model. Gila is brand-new, and built almost exclusively in Rust for the utmost memory safety.

## Goals

- Distrustful by default
- Small, simple, and transparent
- Performant
- Capability based
- Highly isolated

## Gila's security model

### Microkernel architecture

Gila is a microkernel. Only the most important functionality runs at Ring 0 (Protected Mode), to reduce the attack surface. This functionality includes:

- Modifying and reading kernel configuration
- Process creation and destruction
- Scheduling
- Memory allocation and management
- Inter-process communication
- Hardware communication interfaces

User processes perform complex functionality by interacting with server processes. Servers handle many different things:

- PCI(e)
- USB
- Security policy
- Filesystems
- Logins

### Capability-based MAC

Eventually, once Gila is complex enough to need access control, I would like to implement support for capability-based mandatory access control. Details will be decided once more of the APIs are stabilized.
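As an added illustration of what "distrustful by default" and "capability based" mean in practice (this is not Gila's code; Gila's capability API is not yet defined), the following Rust sketch models a per-process capability space held by the kernel: user code only ever sees opaque handles, every operation checks a handle plus the right it needs, and a derived capability can only lose rights, never gain them. The type and method names (`CapSpace`, `mint`, `derive`, `access`) are hypothetical.

```rust
use std::collections::HashMap;

/// Rights are a bit set; a derived capability may only drop bits, never add them.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Rights(u8);
impl Rights {
    pub const READ: Rights = Rights(0b001);
    pub const WRITE: Rights = Rights(0b010);
    pub const SEND: Rights = Rights(0b100);
    pub fn contains(self, r: Rights) -> bool { self.0 & r.0 == r.0 }
    pub fn union(self, r: Rights) -> Rights { Rights(self.0 | r.0) }
    pub fn intersect(self, r: Rights) -> Rights { Rights(self.0 & r.0) }
}

/// An opaque handle. User code cannot construct the underlying entry, only name it.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct CapHandle(u32);

/// Kernel-private entry: which object the handle refers to and with what rights.
#[derive(Clone, Copy, Debug)]
struct CapEntry { object: u32, rights: Rights }

/// Per-process capability space (hypothetical), owned and indexed by the kernel.
#[derive(Default)]
pub struct CapSpace { next: u32, table: HashMap<CapHandle, CapEntry> }

#[derive(Debug, PartialEq, Eq)]
pub enum CapError { InvalidHandle, InsufficientRights }

impl CapSpace {
    /// Mint a root capability; only the kernel does this, e.g. at process creation.
    pub fn mint(&mut self, object: u32, rights: Rights) -> CapHandle {
        let h = CapHandle(self.next);
        self.next += 1;
        self.table.insert(h, CapEntry { object, rights });
        h
    }
    /// Derive a weaker capability: requested rights are intersected with the parent's,
    /// so a process can never amplify authority it already holds.
    pub fn derive(&mut self, parent: CapHandle, rights: Rights) -> Result<CapHandle, CapError> {
        let e = *self.table.get(&parent).ok_or(CapError::InvalidHandle)?;
        Ok(self.mint(e.object, e.rights.intersect(rights)))
    }
    /// Every kernel operation checks the handle and the needed right: no ambient authority.
    pub fn access(&self, h: CapHandle, needed: Rights) -> Result<u32, CapError> {
        let e = self.table.get(&h).ok_or(CapError::InvalidHandle)?;
        if e.rights.contains(needed) { Ok(e.object) } else { Err(CapError::InsufficientRights) }
    }
}
```

A real kernel would also need revocation (walking the derivation tree) and per-object type checks, which this sketch omits.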