[marvelous]

> This brings to mind articles and discussions I read in the early 90s about differences in performance between running in real (or "unreal") mode and protected mode

I remember a 10 years old Microsoft Research project that implemented an OS that would use the .NET managed runtime to implement security. IIRC, they had interesting differences with CPU memory isolation off.

I like the idea that you don't need hardware barriers to isolate programs when they are lobotomized.

[_wmd]

You're speaking of Singularity and it's "software isolated processes", which amounted to static verification of IL before AOT compiling it to x86. From the perspective of Sing#, the only way to express IPC was in the form of protocols, which were essentially formalized function call dances between two processes.

Singularity would be just as vulnerable to the recent bugs as contemporary OSes are, possibly more so because there is even less timing uncertainty when crossing privilege domains, making the attacks even easier

[sjmulder]

Cosmos OS is another .NET-based OS toolkit that does this. Here's a video of one of the developers talking about this, and other things: https://channel9.msdn.com/Shows/On-NET/Chad-Z-Hower-aka-Kudz...