Security
Part of the design philosophy that drives my inspiration for Gila is the idea of creating a new, fast, and safe kernel with security as a central focus. Kernels such as Linux, Mach, and NT predate today's system security model by decades and were never designed to fit it cleanly. Gila is brand-new, and built almost exclusively in Rust for the utmost memory safety.
Goals
- Distrustful by default
- Small, simple, and transparent
- Performant
- Capability-based
- Highly isolated
Gila's security model
Microkernel architecture
Gila is a microkernel. Only the most essential functionality runs at Ring 0 (the most privileged CPU level), which keeps the kernel's attack surface small. This functionality includes:
- Modifying and reading kernel configurations
- Process creation and destruction
- Scheduling
- Memory allocation and management
- Inter-process communication
- Hardware communication interfaces
User processes obtain more complex functionality by communicating with server processes that run outside the kernel. Servers provide services such as:
- PCI(e)
- USB
- Security policy
- Filesystems
- Logins
Capability-based MAC
Eventually, once Gila is complex enough to need access control, I would like to implement support for capability-based mandatory access control. Details will be decided once more APIs are stabilized.