Virtual Software Guard Extensions

[draft] We observe object-capabilities may lead to virtual software guard extensions (VSGX) in move toward secure online business.

Firstly, Intel Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some modern Intel central processing units (CPUs). They allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and unable to be either read or saved by any process outside the enclave itself, including processes running at higher privilege levels. page

Secondly, Mark Miller's, Secure ECMAScript (SES) is a capabilities-based language construct built into modern javascript. This allows developers to define an ephemeral private object graph, called realms, whose encrypted contents are protected and due to memory safety, is unable to be either read or saved by any process outside the realm. Processes running at higher privilege levels, can be made unable to read the real by freezing the realm from the operating system Kernel, an evolutionary process underway in microkernel development, seen in least authority based operating systems. ChromeOS, Linux 4.2x and others in the past and under development now page