by nickpsecurity
3499 days ago
There's a lot of conceptual similarity to Nizza architecture that's explained thoroughly in this paper:

https://os.inf.tu-dresden.de/papers_ps/nizza.pdf

From there, Genode is a different take on the same concept even using some of the same components (e.g. Nitpicker GUI). In both, there are various components integrated that might be used in other projects. A specific set of components together makes up a desktop. A different set might make an appliance. A different set a TV box. Much like how you build your Linux distros with packages and source files but these components can run on the microkernel communicating with each other and operating within their resource-management scheme. That scheme is hierarchical where each process spawns others with control of their memory or resources. Includes ways to let them communicate in such a way that your attack surface is mostly restricted to that composition. Feske, the designer, gives specifics here:

http://www.slideshare.net/sartakov/genode-os-framework

Nitpicker by itself is worth looking at if you're unfamiliar with trusted paths. Too few systems have a good one.

https://os.inf.tu-dresden.de/papers_ps/feske-nitpicker.pdf
I'll read up on the linked resources.