Genode's Norman Feske talks about security
A very clear-headed description of what information security actually is, and how systems like Genode or Qubes OS contribute to making it better.
Compartmentalization with Genode
Genode reduces the attack surface on software similarly to how bulkheads reduce seafaring risks.
Like bulkheads, Genode is designed for
- Structural integrity,
- Strong walls between compartments,
- Minimizing the outside-facing doors and windows that may be misused to illegitimately enter the structure (the attack surface from the outside),
- Locked doors between compartments that cannot be circumvented without authorization. The cook cannot enter the machine room. The machinist cannot enter the kitchen. However, the machinist may eat the meal prepared by the cook.
- Storing treasures in vaults.
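The locked-door rule in the list above, written as an added illustrative Genode init configuration (this is not from the talk or the Genode project; the component names and the "Meal" service are hypothetical). Each child only reaches the services its route lists, so the machinist can consume the cook's service while neither can reach into the other's compartment:

```xml
<!-- Illustrative init configuration, not from the Genode project.
     "cook", "machinist" and the "Meal" service are hypothetical names. -->
<config>
  <!-- Services init itself receives from its parent (the core/kernel side) -->
  <parent-provides>
    <service name="ROM"/>
    <service name="CPU"/>
    <service name="PD"/>
    <service name="LOG"/>
  </parent-provides>

  <default caps="100"/>

  <!-- Compartment 1: the kitchen. It offers a single service and, having no
       explicit route to any sibling, cannot reach the machine room at all. -->
  <start name="cook">
    <resource name="RAM" quantum="1M"/>
    <provides> <service name="Meal"/> </provides>
    <route>
      <any-service> <parent/> </any-service>
    </route>
  </start>

  <!-- Compartment 2: the machine room. The only door it is given is the
       "Meal" service of "cook"; every other request goes to the parent,
       and nothing grants it access to the kitchen itself. -->
  <start name="machinist">
    <resource name="RAM" quantum="1M"/>
    <route>
      <service name="Meal"> <child name="cook"/> </service>
      <any-service> <parent/> </any-service>
    </route>
  </start>
</config>
```

Because routes are an allow-list, a session request for a service that no route names is simply denied, which is the "cannot be circumvented without authorization" property in practice.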
The sole purpose of the kernel is the creation of isolated compartments and the controlled, explicitly authorized interaction between them. The less complex the kernel, the smaller the chance of cracks in the walls between the compartments. With a microkernel of less than 15K lines of code, there is a realistic chance that the kernel is completely free from vulnerabilities.