Structuring the System Layer with Dataspaces
Implementing a secure and scalable system layer on mobile
The system layer is an essential but often-ignored part of an operating system, mediating between user-facing programs and the kernel. Despite its importance, the concept has only been recently recognised and has not received a great deal of attention. The novel Dataspace Model of concurrency and communication combines a small number of concepts to yield succinct expression of ubiquitous system-layer features such as service naming, presence, discovery and activation; security mechanism and policy; subsystem isolation; and robust handling of partial failure. This project will evaluate the hypothesis that the Dataspace Model provides a suitable theoretical and practical foundation for system layers, since a well-founded system layer is a necessary part of any vision of secure, securable, resilient networked personal computing.
- The project's own website: https://synit.org
Why does this actually matter to end users?
How can you understand and trust a complex system, like the operating system managing the hardware and software on your computer? One way to get a grip on everything that is going on, and to control exactly how your sensitive data and processes are handled, is to first lay out which layer of the system does (and is allowed to do) what. A good place for this level of detailed control is the system layer: it sits between application software and the kernel, which in turn connects (and isolates) that software from the hardware it runs on.
This project aims to use the system layer to create a transparent way of controlling what software runs and which other programs it is allowed to talk to. As in a conversation, programs meet and talk in shared virtual locations (dataspaces), learning each other's tasks and states from the assertions placed there. Managing a computer in this way can significantly increase its transparency, as well as its privacy and security guarantees. A proof of concept will be created for postmarketOS, an open-source Linux-based operating system for mobile phones. This will not only demonstrate the power of this kind of control, but also make postmarketOS even more transparent and user-centric.
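To make the "programs meet and talk in virtual locations" idea concrete, here is a toy in-memory dataspace in Python. It is an added illustration for this page, not code from Synit, Syndicate or the project, and the class and method names (`Dataspace`, `assert_`, `observe`, `terminate`) are my own. It shows the system-layer features named in the abstract: presence and discovery (a service announces itself by placing an assertion; observers are told when it appears, and a late observer is brought up to date), a simple policy (each actor may only assert labels it is permitted to, so an application cannot pretend to be a system service), and partial-failure handling (when an actor dies, every assertion it made is withdrawn and observers are notified, so nobody keeps believing a dead service is present). The actor names and the policy table are constructed sample data.

```python
"""Toy dataspace: assertions, observers, presence and crash cleanup (illustration only)."""
from collections import defaultdict
from typing import Callable, Dict, List, Set, Tuple

Assertion = Tuple[str, ...]                    # e.g. ("service", "dns"); first field is the label
Callback = Callable[[str, Assertion], None]    # called with ("added" | "removed", assertion)


class Dataspace:
    """A shared set of assertions plus observers keyed by assertion label."""

    def __init__(self, policy: Dict[str, Set[str]]) -> None:
        # policy: actor name -> labels that actor may assert (deny by default).
        self.policy = policy
        # assertion -> names of actors currently asserting it (reference-counted presence)
        self.holders: Dict[Assertion, Set[str]] = defaultdict(set)
        # label -> actor -> callback
        self.observers: Dict[str, Dict[str, Callback]] = defaultdict(dict)

    def assert_(self, actor: str, a: Assertion) -> None:
        """Place an assertion; observers only hear about the first holder."""
        if a[0] not in self.policy.get(actor, set()):
            raise PermissionError(f"{actor} may not assert {a[0]!r}")
        first = not self.holders[a]
        self.holders[a].add(actor)
        if first:
            self._notify("added", a)

    def retract(self, actor: str, a: Assertion) -> None:
        """Withdraw an assertion; observers hear 'removed' once the last holder is gone."""
        holders = self.holders.get(a)
        if not holders or actor not in holders:
            return
        holders.discard(actor)
        if not holders:
            del self.holders[a]
            self._notify("removed", a)

    def observe(self, actor: str, label: str, cb: Callback) -> None:
        """Subscribe to a label. Existing matches are replayed, so a late
        observer cannot miss a service that started before it subscribed."""
        self.observers[label][actor] = cb
        for a in list(self.holders):
            if a[0] == label:
                cb("added", a)

    def terminate(self, actor: str) -> None:
        """Partial failure: the actor crashed or exited. Everything it asserted
        disappears and its subscriptions are dropped."""
        for a in [a for a, h in self.holders.items() if actor in h]:
            self.retract(actor, a)
        for subs in self.observers.values():
            subs.pop(actor, None)

    def current(self, label: str) -> List[Assertion]:
        """Assertions with the given label that are present right now."""
        return sorted(a for a in self.holders if a[0] == label)

    def _notify(self, event: str, a: Assertion) -> None:
        for cb in list(self.observers[a[0]].values()):
            cb(event, a)


def run_scenario() -> Tuple[Dataspace, Dict[str, List[str]]]:
    """Service discovery plus a crash. Returns the dataspace and what each party saw."""
    seen: Dict[str, List[str]] = defaultdict(list)
    ds = Dataspace(policy={
        "dnsd": {"service"},       # a system service may announce itself
        "app": {"request"},        # an application may only make requests
        "sysmon": set(),           # observe-only
    })
    ds.observe("app", "service", lambda ev, a: seen["app"].append(f"{ev}:{a[1]}"))
    ds.assert_("dnsd", ("service", "dns"))                 # presence: dns is up
    ds.observe("sysmon", "service",                        # late observer catches up
               lambda ev, a: seen["sysmon"].append(f"{ev}:{a[1]}"))
    ds.assert_("app", ("request", "dns", "example.org"))
    try:
        ds.assert_("app", ("service", "dns"))              # app impersonating a service
    except PermissionError as exc:
        seen["denied"].append(str(exc))
    ds.terminate("dnsd")                                   # crash: presence withdrawn for everyone
    return ds, dict(seen)


if __name__ == "__main__":
    _, events = run_scenario()
    for who, log in events.items():
        print(who, log)
```

Two design points carry over to a real system layer: presence is reference-counted per assertion, so a service announced by several redundant actors only disappears when the last one goes; and the policy check sits at the point where an assertion enters the shared space, which is the single place every program has to pass through, rather than being scattered across the programs themselves.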
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.