45 lines
1.3 KiB
Markdown
45 lines
1.3 KiB
Markdown
# Security
|
|
|
|
Part of the design philosophy that drives my inspiration for Gila is the idea
|
|
of creating a new, fast, and safe kernel with security as a central focus.
|
|
Kernels such as Linux, Mach, and NT have been around for too long to work
|
|
perfectly with today's system security model. Gila is brand-new, and built
|
|
almost exclusively in Rust for the utmost memory safety.
|
|
|
|
## Goals
|
|
|
|
- Distrustful by default
|
|
- Small, simple, and transparent
|
|
- Performant
|
|
- Capability based
|
|
- Highly isolated
|
|
|
|
## Gila's security model
|
|
|
|
### Microkernel architecture
|
|
|
|
Gila is a microkernel. Only the most important functionality runs at Ring 0
|
|
(Protected Mode) to reduce attack surface. This functionality includes:
|
|
|
|
- Modifying and reading kernel configurations
|
|
- Process creation and destruction
|
|
- Scheduling
|
|
- Memory allocation and management
|
|
- Inter-process communication
|
|
- Hardware communication interfaces
|
|
|
|
User processes perform complex functionality by interacting with server
|
|
processes. Servers perform many different things:
|
|
|
|
- PCI(e)
|
|
- USB
|
|
- Security policy
|
|
- Filesystems
|
|
- Logins
|
|
|
|
### Capability based MAC
|
|
|
|
Eventually, once Gila is complex enough to need access control, I would like to
|
|
implement support for capability-based mandatory access control. Details will
|
|
be decided on once more APIs are stabilized.
|