Grant
Theme fund: NGI0 PET
Start: 2019-06
End: 2022-10

Spectrum

A security-through-compartmentalization-based operating system

Spectrum is an implementation of a security-through-compartmentalization-based operating system, built on top of the Linux kernel. Unlike other such implementations, user data and application state will be managed centrally while remaining isolated, meaning that the system can be backed up and managed as a whole rather than scattered across several dozen virtual machines. The host system and the isolated environments will all be managed declaratively and reproducibly using Nix, the purely functional package manager. This spares the user the burden of maintaining many different virtual computers, allows finer-grained resource access controls, and makes it possible to verify the software running across all environments. The Linux base, together with a variety of isolation technologies ranging from containers to virtual machines, will bring security through compartmentalization to a much wider range of hardware than previous implementations, and therefore make it accessible to many more people.

Why does this actually matter to end users?

How can you understand and trust a complex system, like the operating system managing the hardware and software on your computer? You can make the complexity simpler by cutting it up into parts, compartmentalizing what does what, where information is stored, which processes talk to each other. This way users can be sure their system only does what it is supposed to do and know precisely what goes in and what comes out. This can be done through virtual machines, which are isolated simulations of operating systems or programs on a computer. Simply put, you create virtual rooms where only one thing happens and only you have the keys to each door. This can give users complete control over what happens on their computer and ensures that if some malicious software finds a way in, it cannot get to the other rooms. This can be very important if your device contains sensitive information, if some ill-meaning third party tries to listen in, or when the device is part of some crucial infrastructure and is targeted for attacks.

Security by isolation sounds simple enough, but in practice it requires a lot of work and maintenance. Operating systems that can compartmentalize programs and processes are very hardware-specific, and the virtual machines they run require regular and complicated upkeep. The Spectrum operating system takes a different and simpler approach: all data on the system is stored in one place, and applications that need access to that data are isolated and specifically told what information they can and cannot access, even within the same application. For example, if you want your word processor to access certain files when you are working and other documents when you are at home, you can create two versions or simulations (called instances in Spectrum) with specific access rights. Users can keep a clear overview of their system and applications, as well as the various instances they create, by simply writing all this down in a configuration text. A system called Nix takes this text and builds all the software that the user has written down. Each program can be updated separately, without worry that other parts will break or become incompatible. Users always have a clear overview of what is happening on their computer, instead of getting lost in a maze of virtual rooms. Security by isolation becomes more manageable and transparent, making it accessible to a larger audience.


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.