The code inside system software like kernels, operating systems, and hypervisors controls access to all system resources, making it the most critical pillar of system security.
Attacks on operating systems (OS) keep making headlines, and there seems to be a new security update every week. System software vulnerabilities remain a major problem, and one that slows down the software projects that depend on them. And yet the tools and methods used to develop system software have changed little over the past decades, especially when compared with the advances made in application software development.
Traditionally, system software has been built as a generic solution for a particular class of needs (microkernels for real-time applications, general-purpose OSs, guest OSs for lightweight virtual machines, etc.). It is generally developed in C or C++, languages that offer no memory-safety guarantees, and little or no code is shared between these systems.
CEA-List is rethinking this approach to system software to offer strong guarantees of trustworthiness. The tools and methods being developed at CEA-List deliver a reasonable tradeoff between security, performance, and development cost.
One of CEA-List's solutions is XanthOS. It is not an OS or other piece of system software, but rather a framework for developing system software tailored to a specific application.
The principle is to develop the smallest possible system software that best meets the system requirements of the target application.
XanthOS offers a number of features: