It's actually a feature that goes way back to the Compartmented Mode Workstations that were sold in Orange Book days for higher security than regular UNIX. The higher-security ones often balanced security and performance by figuring out which components had to be secure and shared vs. which they could just duplicate without trust. Epstein et al.'s TX is an example with many details: https://www.acsa-admin.org/2006/papers/epstein-paper.pdf

Vendors of separation kernels, with Green Hills in the lead, started distributing MILS workstations with browser VMs and such in 2005: http://www.ghs.com/news/20050419_secure_products.html

Tahoma started the first browser-oriented OS, running on Xen and Linux, in 2006: https://www.gribble.org/papers/gribble-Tahoma.pdf

Finally, the OP Web Browser applied POLA and safe languages internally around 2008, with Chrome partly copying it (with less security for performance): http://www.cse.psu.edu/~trj1/cse543-s15/docs/grier_sp08.pdf

So, the high-assurance community has been on this, with numerous projects and products released. Many had small, strong TCBs. The oldest had the color schemes and everything. QubesOS is the newcomer, with less security than many forerunners but great usability and openness. Better than the average Linux distro. Closest to the prior designs with an active community is genode.org.