Secure OS / non-trusted computing

[alexei]

It's rather interesting, people still care more about performance than security/privacy/stability.
Since "unix" times there is a strong tendency to incorporate into OS whatever possible, just to attract application developers. Both Linux and Windows are enormously bloated and vulnerable because of that. To become safe, secure, and stable OS should not include anything that can be done in application. Sharing hardware among applications is the only essential OS function.
I see nothing wrong with application using TCP/IP library to communicate with network packet service/server (another "system" application) that was granted access (by OS) to network card hardware. OS itself does not need networking There is no need to share code between OS and applications. OS does not need to load modules from filesystem - just read memory image at bootup from reserved partition or better from read-only medium (image is generated at OS install-time).
Of course, each application should not see anything, but its memory space. Linking applications with kernel is a pure nonsence - OS code exposed to applications allowes them to attack it easily.
Each application may have bugs, bugs can be used by intruder, so each application should be treated as "dangerous to itself and others" (potentially "insane" ), so it should be completely isolated to minimize possible damage. Regarding "speed", let's count resources consumed by anti-virus, system updates, and down-time when they didn't help.
BTW, approach from "A new design" topic may provide a better security...

[Solar]

Welcome to the concept of microkernels resp. exokernels.

Both have their own set of problems, but if you're up to it, knock yourself out.

[Boris]

Whatever your kernel is, you will still have naive users who will download stupid stuff and get viruses from it to their computers.

[onlyonemac]

In other words, you've just re-invented the exokernel. Well done.

/thread

[Combuster]

Whatever your kernel is, you will still have naive users who will download stupid stuff and get viruses from it to their computers.

The trick is always to make it sufficiently difficult that people go after something else.

[alexei]

In other words, you've just re-invented the exokernel. Well done.

Usually, exokernels give user-end applications full access to specific hardware, and in some cases it gives some performace advantages.
I'm talking about multi-layered structure of components communicating strictly via kernel. Each component is fully indepemdent and works in its private execution environment.
I see the main problem for independent OS development is to communicate with hardware, which often has undisclosed / NDA interfaces. It should be possible to use existing drivers from Windows/Linux/Haiku by running them in virtualized environment that emulates required OS (actually, you don't need full OS, just the functionality used by specific driver).
In another words, each driver/"server" on each level runs on designated VM along with application that communicates with kernel to provide virtualized resources and use resources, provided by other components.
This concept targets necessity of using software and hardware that may have undesirable functionality (such as driver with virus or network card vith trojan in firmware) and despite of that be able to do your job safely and securely, while keeping you privacy protected.
Actually, that's what everybody needs nowdays.