Sculpt OS: a novel operating system for truly trustworthy computing

Security

Explore Sculpt OS, a microkernel-based operating system built for trustworthy computing. Learn about its capability-based security, component isolation, and support for modern software stacks.

Key takeaways

  • Sculpt OS uses a capability-based security model where components only get the specific privileges they need to function

  • The system is built on a microkernel architecture with ~10,000 lines of code, compared to Linux’s ~30 million lines of code kernel

  • Components are isolated from each other and communicate through controlled interfaces, preventing a compromised component from affecting others

  • The system uses a declarative configuration approach where the desired system state is specified, rather than sequences of commands

  • Includes support for common APIs like POSIX, Qt5/6, OpenGL and programming languages including C++, Python, Java and Rust

  • Features a package manager inspired by NixOS for managing software components and their dependencies

  • Supports running on multiple architectures including x86 (32/64-bit), ARM and RISC-V

  • Can run complex software like web browsers and virtual machines while maintaining security isolation

  • Components communicate through shared memory and signals for performance, with careful interface design to balance latency and bandwidth

  • Development is primarily done by G-node Labs with open source code and public development process on GitHub

More talks

ElixirConf 2022 - Aldebaran Alonso - Let's talk to Industrial devices

Why Should Developers Care about Container Security? - Eric Smalling

Dreamscapes (DeepDream scaled up to Operate on Multi-Hundred Megapixel Images)

SAINTCON 2016 - Andrew Brandt (Spike) - Ingress Egress: The emerging threats of AR gaming

Hugo Anderson - Orchestrating Generative AI Workflows to Deliver Business Value | PyData Global 2023

Alex Soto - Securing Secrets in the GitOps era

Adam Hopkins - Overcoming access control in web APIs

SAINTCON 2016 - Jerry Smith - Privacy and Security : Which comes first?