The orthogonally persistent pure capability operating system.

The orthogonally persistent pure capability operating system is a small operating system aimed at security, simplicity, and performance. It uses the much-overlooked design of pure capability systems, which allows for better, more powerful, and more flexible security. The basic idea behind pure capability systems is that each process holds a set of unforgeable 'keys' that represent objects AND the right to access them. Such keys are called 'capabilities'. Those objects are implemented by other processes or by the OS kernel. All operations are done via keys, and the only required security test is that the key is valid. Even inter-process communication requires keys, which means you can control what processes see and force uni-directional flow of information between them.
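
The key check described above, sketched as an added example (it is not Oppcos code): a process names a key only by a slot in its own kernel-held table, and a channel key granted with receive rights alone gives a one-way flow. All names here (cap_send, cap_recv, cap_grant, the rights bits, the error codes) are hypothetical.

```c
#include <stdio.h>

/* Toy model, hypothetical names: keys live in a kernel-held table, so a process cannot forge one. */
enum { R_SEND = 1, R_RECV = 2 };
enum { SLOTS = 4, OK = 0, E_NOKEY = -1, E_EMPTY = -2 };
struct channel { char buf[32]; int full; };
struct cap     { struct channel *obj; int rights; };   /* obj == NULL: empty slot */
struct process { struct cap clist[SLOTS]; };

/* The single security test: is this slot a valid key carrying the needed right? */
static struct channel *lookup(struct process *p, int slot, int need) {
    if (slot < 0 || slot >= SLOTS) return NULL;
    struct cap *c = &p->clist[slot];
    return (c->obj && (c->rights & need) == need) ? c->obj : NULL;
}

int cap_send(struct process *p, int slot, const char *msg) {
    struct channel *ch = lookup(p, slot, R_SEND);
    if (!ch) return E_NOKEY;
    snprintf(ch->buf, sizeof ch->buf, "%s", msg);
    ch->full = 1;
    return OK;
}

int cap_recv(struct process *p, int slot, char *out, size_t n) {
    struct channel *ch = lookup(p, slot, R_RECV);
    if (!ch) return E_NOKEY;
    if (!ch->full) return E_EMPTY;
    snprintf(out, n, "%s", ch->buf);
    ch->full = 0;
    return OK;
}

/* Delegation: the giver must hold every right it passes on, so rights only shrink. */
int cap_grant(struct process *from, int slot, struct process *to, int to_slot, int rights) {
    struct channel *ch = lookup(from, slot, rights);
    if (!ch || to_slot < 0 || to_slot >= SLOTS) return E_NOKEY;
    to->clist[to_slot] = (struct cap){ ch, rights };
    return OK;
}

int main(void) {
    static struct channel ch;
    struct process a = {0}, b = {0};
    char out[32] = "";
    a.clist[0] = (struct cap){ &ch, R_SEND | R_RECV };  /* a created the channel */
    cap_grant(&a, 0, &b, 0, R_RECV);                    /* b may only receive */
    printf("a send: %d\n", cap_send(&a, 0, "hello"));
    printf("b send: %d\n", cap_send(&b, 0, "leak"));    /* refused: no send right */
    printf("b recv: %d (%s)\n", cap_recv(&b, 0, out, sizeof out), out);
}
```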

Pure capability systems enable fine-grained control over what access processes have, rather than what access users have. This means that your email client or MP3 player no longer has the ability to arbitrarily send data over the internet, delete your files, or otherwise damage your system.

It also applies orthogonal persistence, which allows for better and more efficient disk utilization (RAM serving as a mere cache to disk and persistent space is a much simpler model to run and optimize than swap memory and file caches). Orthogonal persistence also simplifies applications, which no longer have to convert their data to a persistent form and back. It also makes file systems unnecessary. Restoring a program's state from a file system is very difficult because of permission checking, etc., and this complexity is eliminated.

Current progress, downloads, and other information may be found on the SourceForge project page.

Although patches to current releases would be appreciated, I wouldn't classify current work as usable or even very interesting to developers, and definitely not to users. Once a shell is written, I shall call upon developers to help with the system :)

Note: Some unauthorized communication channels between processes can still exist. These are covert channels, and they are impossible to prevent completely.

Documentation in the source is currently very poor, as there is hardly any time to put work into this. If anyone volunteers to write some, that would be nice :)

Lastly, I want to apologize that I have completely forgotten to give credit to EROS, KeyKOS, and the other wonderful OSes by which Oppcos is inspired. EROS is a much more mature orthogonally persistent pure capability system, worth checking out if Oppcos is of interest.