Sculpt OS: a novel operating system for truly trustworthy computing

Explore Sculpt OS, a microkernel-based operating system built for trustworthy computing. Learn about its capability-based security, component isolation, and support for modern software stacks.

Key takeaways
  • Sculpt OS uses a capability-based security model where components only get the specific privileges they need to function

  • The system is built on a microkernel architecture with ~10,000 lines of code, compared to the Linux kernel's ~30 million lines of code

  • Components are isolated from each other and communicate through controlled interfaces, preventing a compromised component from affecting others

  • The system uses a declarative configuration approach where the desired system state is specified, rather than sequences of commands

  • Includes support for common APIs like POSIX, Qt5/6, OpenGL and programming languages including C++, Python, Java and Rust

  • Features a package manager inspired by NixOS for managing software components and their dependencies

  • Supports running on multiple architectures including x86 (32/64-bit), ARM and RISC-V

  • Can run complex software like web browsers and virtual machines while maintaining security isolation

  • Components communicate through shared memory and signals for performance, with careful interface design to balance latency and bandwidth

  • Development is primarily done by Genode Labs, with open-source code and a public development process on GitHub
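
The capability and declarative-configuration points above can be illustrated with a small model. This is an added example, not Sculpt OS code or its configuration format: the component names, service names and the functions `validate`, `reconcile` and `open_session` are all assumptions constructed for illustration. A desired state lists each component with the only services it may reach, the system computes the actions that converge on that state, and any session request without a matching route is denied.

```python
# Toy model (constructed for illustration; not Sculpt OS code or its config format).
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    routes: frozenset = frozenset()    # (service, provider) pairs this component may use
    provides: frozenset = frozenset()  # services this component offers to others

def component(name, routes=(), provides=()):
    return Component(name, frozenset(routes), frozenset(provides))

def validate(state):
    """Reject a desired state whose routes point at a missing provider or service."""
    errors = []
    for c in state.values():
        for service, provider in sorted(c.routes):
            target = state.get(provider)
            if target is None or service not in target.provides:
                errors.append(f"{c.name}: no provider '{provider}' for '{service}'")
    return errors

def reconcile(current, desired):
    """Compute the actions that move the running system to the desired state."""
    actions = [("stop", name) for name in sorted(current.keys() - desired.keys())]
    for name in sorted(desired):
        if name not in current:
            actions.append(("start", name))
        elif current[name] != desired[name]:
            actions.append(("restart", name))  # privileges changed: fresh instance
    return actions

def open_session(state, client, service):
    """Deny by default: a session exists only if the client's routes name it."""
    for svc, provider in state[client].routes:
        if svc == service:
            return provider
    raise PermissionError(f"{client} has no route to {service}")

# Constructed sample states: what is running now, and what the configuration asks for.
RUNNING = {c.name: c for c in [
    component("nic_driver", provides=["Nic"]),
    component("fs", provides=["File_system"]),
    component("browser", routes=[("Nic", "nic_driver"), ("File_system", "fs")]),
]}
DESIRED = {c.name: c for c in [
    component("nic_driver", provides=["Nic"]),
    component("browser", routes=[("Nic", "nic_driver")]),  # file-system access revoked
    component("vm", routes=[("Nic", "nic_driver")]),
]}
```

Editing `DESIRED` and re-running `reconcile` is the whole administrative interface in this model: there is no command that grants a privilege outside the declared state.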