The "marketing fluff" is here [0]. From my understanding, the relatively novel things they're doing at the lowest levels are making it a microkernel, and using a capability-based security model [1].
The former decreases the Ring 0 attack surface, and the latter makes it challenging to cause a confused deputy problem -- you know, the ol' classic "whoops this daemon running as root accidentally allowed a browser tab to read /etc/shadow." Or the time-honored problem of a single exploit in one process giving access to all files (and in some cases, all processes' memory and resources) controlled by a given user. Capabilities also make it relatively easy to sandbox userspace code, and to reason about what it has access to. Kinda like containers, but as a core concept rather than tacked on a few decades into development.
Now these concepts aren't new, but they haven't been deployed or supported at the scale Fuchsia may end up at. Which obviously makes it a pretty exciting project in terms of real-world impact. That said, I believe there's been some speculation that part of the motivation for Fuchsia is to avoid the mess that is out-of-tree drivers on Android. So on the one hand, the kernel can be updated more easily, but on the other hand there may in practice be a lot more unpatchable binary blobs floating around doing important things.
For a more academic project that has many of the same security concepts there's seL4 [2], which has the additional bonus of doing some insanely clever formal verification of the kernelspace code [3]. They have formal proofs that the compiled machine code actually implements the specification of the security model correctly, which is the first of its kind AFAIK. They actually have a set of interactive tutorials for the platform [4], which are a great way to get a feel for how userspace works on a security-focused kernel.
As a disclaimer, I'm not associated with either project, and I'm sure my explanations will be ripped to shreds. My information comes purely from following the space in my free time.
0: https://fuchsia.dev/fuchsia-src/concepts/principles/secure
1: https://en.wikipedia.org/wiki/Capability-based_security
2: https://sel4.systems/
3: https://sel4.systems/Info/FAQ/proof.pml
4: https://docs.sel4.systems/Tutorials/
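
An added illustration of the confused deputy point in the comment above (not part of the original comment, and not Fuchsia or seL4 code): a toy model contrasting a deputy that opens a caller-chosen name with its own authority against one that only uses a handle the caller was able to obtain. `ToyKernel`, `Handle`, the principals and the paths are all constructed for this example.

```python
# Toy model of ambient authority vs. capabilities; every name here is hypothetical.
class Handle:
    """An unforgeable reference to one object plus the rights granted on it."""
    def __init__(self, store, path, rights):
        self._store, self._path, self.rights = store, path, frozenset(rights)

    def write(self, data):
        if "w" not in self.rights:
            raise PermissionError("handle lacks write right")
        self._store[self._path] = data

class ToyKernel:
    def __init__(self):
        self.files = {"/deputy/billing.log": "ledger", "/home/alice/out.txt": ""}
        # Ambient authority: rights are looked up by who is asking.
        self.acl = {
            "deputy": {"/deputy/billing.log": "w", "/home/alice/out.txt": "w"},
            "alice": {"/home/alice/out.txt": "w"},
        }

    def open(self, principal, path, rights):
        granted = self.acl.get(principal, {}).get(path, "")
        if not set(rights) <= set(granted):
            raise PermissionError(f"{principal} may not open {path} for {rights}")
        return Handle(self.files, path, rights)

def deputy_ambient(kernel, out_path, result):
    # The deputy resolves a caller-chosen *name* using its own authority.
    kernel.open("deputy", out_path, "w").write(result)

def deputy_capability(out_handle, result):
    # The deputy can only use the authority the caller handed over.
    out_handle.write(result)

def demo():
    k = ToyKernel()
    deputy_ambient(k, "/deputy/billing.log", "alice-controlled")  # deputy is confused
    ambient_clobbered = k.files["/deputy/billing.log"] == "alice-controlled"
    k = ToyKernel()
    try:
        deputy_capability(k.open("alice", "/deputy/billing.log", "w"), "x")
        cap_blocked = False
    except PermissionError:
        cap_blocked = True  # alice cannot obtain a handle she has no right to
    deputy_capability(k.open("alice", "/home/alice/out.txt", "w"), "result")
    return ambient_clobbered, cap_blocked, k.files

if __name__ == "__main__":
    print(demo())
```

In the capability version the deputy never sees a path at all, so there is no name for it to resolve with its own rights.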