# Security

Part of the design philosophy that drives my inspiration for Gila is the idea of creating a new, fast, and safe kernel with security as a central focus. Kernels such as Linux, Mach, and NT have been around for too long to work perfectly with today's system security model. Gila is brand-new, and built almost exclusively in Rust for the utmost memory safety.

## Goals

- Distrustful by default
- Small, simple, and transparent
- Performant
- Capability based
- Highly isolated

## Gila's security model

### Microkernel architecture

Gila is a microkernel. Only the most important functionality runs at Ring 0 (Protected Mode) to reduce attack surface. This functionality includes:

- Modifying and reading kernel configurations
- Process creation and destruction
- Scheduling
- Memory allocation and management
- Inter-process communication
- Hardware communication interfaces

User processes perform complex functionality by interacting with server processes. Servers perform many different things:

- PCI(e)
- USB
- Security policy
- Filesystems
- Logins

### Capability based MAC

Eventually, once Gila is complex enough to need access control, I would like to implement support for capability-based mandatory access control. Details will be decided on once more APIs are stabilized.