Modern operating systems enforce security boundaries between processes, files, devices, and users. However, the way these boundaries are implemented varies significantly across system designs. Most mainstream operating systems rely on identity-based access control and global namespaces. Capability-based operating systems take a fundamentally different approach: they represent authority explicitly and make it a first-class concept. This post introduces capability-based systems, explains how they differ from traditional designs, and outlines why they are central to the design of EriX.

Operating systems are among the most complex pieces of software ever built. They manage memory, schedule computation, control hardware, and enforce the security boundaries that protect every application running on a machine. Yet many of the operating systems we rely on today are built on architectural ideas that date back several decades. While these systems are extraordinarily powerful and battle-tested, they also carry decades of accumulated complexity. This project explores a different direction: building a modern, capability-based microkernel operating system from scratch, with a strong focus on explicit authority, minimal trusted computing base (TCB), and strict separation between kernel and user space.