by nickpsecurity
4020 days ago
I think it's interesting work with performance tradeoffs and such. I've even used this same approach at the library level, where some are optimized for speed and some for safety depending on the app they're integrated with. Yet there are two things going against it for system protection: (a) OSes have so many potential vulnerabilities and covert channels that it's best to isolate them entirely into a protection domain with careful interfaces to other partitions; (b) the protection schemes on code, hardware or software, have gotten much better than the limited guarantees this scheme offers, with a performance hit that we can live with. Regarding (b), they even referenced one (SVA-OS) I considered building a medium-assurance design on. SoftBound for full C memory safety is also interesting, and Control Pointer Integrity if you have segments. Many interesting techniques for turning exploits into mere exceptions or things that don't compile in the first place. Also many techs for isolating all that mess in a box with low overhead and easier-to-check interface protection. I'd rather take a combination of those than a split kernel.
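The "exploits become mere exceptions" point in the comment above refers to schemes such as SoftBound that attach base/bound metadata to each pointer and check every access against it. The following is an added illustration, not code from the commenter, from SoftBound, or from any project the thread discusses: it hand-writes the per-pointer metadata as a `bounded_ptr` struct and checks accesses in helper functions, where a compiler-based scheme would instrument loads and stores automatically. The struct, the `bp_*` helpers, `copy_name` and the over-long "attacker" input are all constructed for this example; a real deployment would trap on a violation, while here the violation is reported as a `-1` return so the behaviour can be exercised.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fat pointer: the raw pointer plus the bounds of the object
   it was derived from. The bounds travel with the pointer, not the object,
   which is the idea behind SoftBound-style checking (this is an illustration,
   not SoftBound's instrumentation). */
typedef struct {
    unsigned char *ptr;    /* current pointer value */
    unsigned char *base;   /* first valid byte of the object */
    unsigned char *bound;  /* one past the last valid byte */
} bounded_ptr;

/* Allocate n bytes and attach bounds to the returned pointer. */
static bounded_ptr bp_alloc(size_t n) {
    unsigned char *p = malloc(n);
    bounded_ptr bp;
    bp.ptr = p;
    bp.base = p;
    bp.bound = p ? p + n : p;
    return bp;
}

static void bp_free(bounded_ptr bp) {
    free(bp.base);
}

/* Pointer arithmetic keeps the original object's bounds: a derived pointer
   cannot widen its view. The result may point outside [base, bound); that
   is only a violation once it is dereferenced. Arithmetic is done on
   integers so an out-of-range intermediate is well defined here. */
static bounded_ptr bp_add(bounded_ptr bp, ptrdiff_t delta) {
    bounded_ptr out = bp;
    out.ptr = (unsigned char *)((uintptr_t)bp.ptr + (uintptr_t)delta);
    return out;
}

/* 1 if the len-byte access at ptr+off lies entirely within [base, bound). */
static int bp_in_bounds(bounded_ptr bp, size_t off, size_t len) {
    uintptr_t lo = (uintptr_t)bp.base, hi = (uintptr_t)bp.bound;
    uintptr_t p = (uintptr_t)bp.ptr;
    if (bp.base == NULL || p < lo || p > hi) return 0;
    if (off > hi - p) return 0;          /* start of access is past the bound */
    return len <= hi - p - off;          /* end of access stays within bound */
}

/* Checked store: refuses (returns -1) instead of overwriting a neighbour. */
static int bp_write(bounded_ptr bp, size_t off, const void *src, size_t len) {
    if (!bp_in_bounds(bp, off, len)) return -1;
    memcpy(bp.ptr + off, src, len);
    return 0;
}

/* Checked one-byte load: the byte value (0..255), or -1 on a violation. */
static int bp_read_byte(bounded_ptr bp, size_t off) {
    if (!bp_in_bounds(bp, off, 1)) return -1;
    return bp.ptr[off];
}

/* The classic strcpy-into-fixed-buffer pattern, rewritten on top of the
   checked store: the terminating NUL is counted, so an over-long name is
   rejected rather than spilling past the buffer. */
static int copy_name(bounded_ptr dst, const char *name) {
    return bp_write(dst, 0, name, strlen(name) + 1);
}

int main(void) {
    bounded_ptr buf = bp_alloc(8);
    const char *attacker = "AAAAAAAAAAAAAAAA";   /* constructed over-long input */
    if (buf.ptr == NULL) return 1;
    printf("7-char name:  %s\n", copy_name(buf, "7chars!") == 0 ? "accepted" : "rejected");
    printf("16-char name: %s\n", copy_name(buf, attacker) == 0 ? "accepted" : "rejected");
    bp_free(buf);
    return 0;
}
```

The interesting property is in `bp_add`: because the bounds are copied along with the pointer, `p + 4` still knows it came from an 8-byte object, so an access through it can reach at most 4 more bytes. Schemes that store metadata per object (rather than per pointer) cannot make that distinction once a pointer has been cast or passed through an integer.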