OSNews

Asbestos, a new prototype operating system, provides labeling and isolation mechanisms that help contain the effects of exploitable software flaws. Applications can express a wide range of policies with Asbestos's kernel-enforced label mechanism, including controls on inter-process communication and system-wide information flow. A new event process abstraction provides lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing it from leaking any single user's data to any other user. Initial tests have been promising, and Eddie Kohler, Asbestos's creator, hopes that within a few years, Asbestos will be an alternative to server operating systems such as Linux and Windows.