memex/notes/closos-protection-mechanisms.org

CLOSOS: Language-Based Protection Mechanisms

Concept

Security in a Lisp OS is enforced by the compiler and runtime environment rather than by traditional hardware MMU (Memory Management Unit) boundaries.

Key Principles

  • Controlled Access System: The system is "closed" by the compiler. Only code produced by the trusted compiler, which rejects arbitrary pointer arithmetic and inserts bounds checks, is allowed to execute in supervisor mode.
  • Tagged Pointers: Objects are manipulated via tagged pointers. Access rights (read/write/execute) can be embedded directly into the tag bits of the pointer itself.
  • Capabilities: Pointers function as capabilities. Possession of a pointer to an object implies the authority to interact with it according to the embedded access tags.
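
The tagged-pointer capability model of the last two bullets, as an added Python simulation (not code from CLOSOS itself): rights live in the low bits of the pointer word, derived pointers can only lose rights, and every access goes through the check the compiler would emit. The names encode, decode, restrict and check_access, and the 3-bit tag layout, are assumptions for illustration.

```python
# Added example: simulated tagged-pointer capabilities (not CLOSOS code).
# Layout (assumed): 8-byte-aligned address in the high bits, rights in the
# low 3 bits of a 64-bit word. Constructed values only; nothing is dereferenced.

READ, WRITE, EXEC = 0b001, 0b010, 0b100   # access rights carried in the tag
TAG_BITS = 3
TAG_MASK = (1 << TAG_BITS) - 1
WORD_MASK = (1 << 64) - 1


def encode(address: int, rights: int) -> int:
    """Pack an aligned address and its rights into one pointer word."""
    if address & TAG_MASK:
        raise ValueError("address must be aligned so the tag bits are free")
    if rights & ~TAG_MASK:
        raise ValueError("unknown right bits in tag")
    return (address | rights) & WORD_MASK


def decode(word: int) -> tuple[int, int]:
    """Split a pointer word back into (address, rights)."""
    return word & ~TAG_MASK & WORD_MASK, word & TAG_MASK


def restrict(word: int, rights: int) -> int:
    """Derive a new capability holding at most the rights of the original.

    Rights can only be dropped, never added: the result is the intersection
    of what the caller holds and what it asks for (monotonic attenuation).
    """
    address, held = decode(word)
    return encode(address, held & rights)


def check_access(word: int, needed: int) -> bool:
    """The runtime check emitted before every access: possession of the
    pointer is the authority, and the tag says what that authority covers."""
    _, held = decode(word)
    return held & needed == needed


if __name__ == "__main__":
    full = encode(0x1000, READ | WRITE | EXEC)   # constructed sample address
    read_only = restrict(full, READ)              # hand out a weaker pointer
    print(check_access(full, WRITE), check_access(read_only, WRITE))
```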