#+TITLE: CLOSOS: Language-Based Protection Mechanisms
#+ID: closos-protection-mechanisms
#+DATE: 2026-03-22
#+FILETAGS: :architecture:lisp:os:closos:security:

* Concept
Security in a Lisp OS is enforced by the compiler and runtime environment rather than traditional hardware MMU (Memory Management Unit) boundaries.

* Key Principles
- **Controlled Access System:** The system is "closed" by the compiler. Only code produced by the trusted compiler—which excludes arbitrary pointer arithmetic and includes bounds checking—is allowed to execute in supervisor mode.
- **Tagged Pointers:** Objects are manipulated via tagged pointers. Access rights (read/write/execute) can be embedded directly into the tag bits of the pointer itself.
- **Capabilities:** Pointers function as capabilities. Possession of a pointer to an object implies the authority to interact with it according to the embedded access tags.

* Source
:PROPERTIES:
:ID:       9c69a9ab-1c96-490e-9a8e-fbeafacba30e
:END:
- [[attachment:strandh-lispos.pdf][Robert Strandh, "CLOSOS: Specification of a Lisp operating system" (2013)]]