A claim has been floating about for a few decades now that operating systems can be built that essentially solve the security problems that now panic various government and industrial institutions. These claims are backed up with several substantial pieces of code, that are not yet complete enough to provide a solution, but are complete enough to show feasibility in aspects that dissuaded some from the ‘capabilities’ approach in even earlier decades. These claims are not trivial to support; indeed as in most software projects they will not be broadly believed until they are implemented. Something that is not nearly so daunting, however, is to assemble software architects from a few critical application areas, along with a few experts in user interface, who can brain-storm to produce a credible architecture that exploits capabilities to create a perceptibly different sort of system that strongly protects users in activities that are common today, as well as allowing activities that designers dare not contemplate today. I believe that a consensus that this is possible would arise within such a group.
Even before that grand plan capability kernels can support a variety of sensitive applications now using an unfamiliar user interface style. Embedded applications are an even easier goal. Many embedded applications must connect to the Internet and too many of today’s programmers assume that this requires a Unix kernel, or even a Windows kernel. This need not be so.