Features include automatic data and process persistence, some preliminary real-time support, and capability-based security.
Confinement, which is the fundamental building block of isolation, has been formally verified to be enforceable by pure capability systems,[1] and is reduced to practical implementation by the EROS constructor and the KeyKOS factory.
Of greater practical importance, the safety property has been shown not to hold for any of the primitive protection mechanisms shipping in current commodity operating systems.
One goal of the Coyotos project was to demonstrate that component isolation and security have been definitively achieved by applying software verification techniques.
The influence is mutual, since the EROS work on high-performance invocation was motivated strongly by Jochen Liedtke's successes with the L4 microkernel family.
By late 1992, it had become clear that processor architecture had changed significantly since the introduction of the capability idea, and it was no longer obvious that component-structured systems were practical.
Microkernel-based systems, which similarly favor large numbers of processes and IPC, were facing severe performance challenges, and it was uncertain if these could be successfully resolved.
At Hopkins, the goal was to show how to use the facilities provided by the EROS kernel to construct secure and defensible servers at application level.
In 2003, some very challenging security issues were discovered[8] that are intrinsic to any system architecture based on synchronous IPC primitives (notably including EROS and L4).
As of 2006, EROS and its successors are the only widely available capability systems that run on commodity hardware.