Sunyata
/
Principles
/
Security

Security

Sunyata and Nevuqe prioritize security and privacy. We are committed to providing exceptional levels of security and privacy to users.

Sunyata/Enso's system applications interact with the kernel through object-capabilities, preventing inherent authority and allowing access only to explicitly granted objects.

Software is securely packaged and sandboxed. Each software, including system components, is granted minimum necessary privileges and limited to accessing relevant information. The operating system enforces capability routing and software sandboxing, eliminating the need for developers to create extra security systems.

Isolation

Sunyata's kernel ensures process isolation by default and requires explicit granting of capabilities and resources. Capabilities and resources are passed through handles instead of names, resulting in a system that grants software access only to necessary components.

Components

Every user space software, including system services and user applications, functions as a component.

Self-contained packages

Components are distributed through self-contained packages that encompass all required files. Sunyata packages consist of components, files, metadata, and more. Isolated namespaces ensure that a component only has visibility within its own package as necessary.

No global file system/ambient authority

Sunyata operates without ambient authority, where every operation is confined to an object capability. Unlike other operating systems, Sunyata does not have a global file system. Instead, each program is assigned its own local namespace, enabling independent operations.

Last updated on 12 May 2023
Performance
Code of Conduct