u/themagicalfire

1 point · r/sandboxcontainment · +1 crossposts

Chain-of-command as boundary

I have in mind using a chain-of-command idea for security.

How it’s supposed to work is that every program is assigned to one of several layers. Every layer is vertical, like a hierarchy.

The layers can only interact with each other if adjacent (layer 1 can only interact with layer 0 and layer 2; layer 2 can only interact with layer 1 and layer 3).

Access between different layers is meant to happen through multiple brokers for IPC and syscall gatekeeping.

What this design is supposed to achieve is to make kernel attacks more difficult (because now you need to chain exploits for multiple layers and multiple services) and somewhat limit lateral movement for binaries.

This design works best when supplemented by other security mechanisms.

u/themagicalfire — 1 day ago
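A toy model of the layered-broker scheme in the post above, added here as an illustration and not the poster's code. It assumes layer 0 is the kernel, that the broker of the layer being entered gates each hop, that the originating program's identity is carried along the chain, and a constructed allowlist policy for a program called "app":

```python
from dataclasses import dataclass, field
# Added illustration of the post's layering, not the poster's code. Layer 0 is the
# kernel; a request moves one layer at a time and the broker of the layer being
# entered checks its own allowlist (assumed policy model).

@dataclass
class Broker:
    layer: int
    allowed: dict = field(default_factory=dict)  # caller name -> permitted ops

    def permits(self, caller: str, op: str) -> bool:
        return op in self.allowed.get(caller, set())

@dataclass
class Program:
    name: str
    layer: int

def adjacent(a: int, b: int) -> bool:
    return abs(a - b) == 1  # layers only talk to immediate neighbours

def route(src: Program, target_layer: int, op: str, brokers: dict) -> list:
    """Carry src's request hop by hop; return the layers whose brokers approved
    it, or raise PermissionError at the first refusal. The originating identity
    is assumed to be propagated along the chain."""
    approved, layer = [], src.layer
    while layer != target_layer:
        nxt = layer - 1 if target_layer < layer else layer + 1
        assert adjacent(layer, nxt)  # the walk never skips a layer
        if not brokers[nxt].permits(src.name, op):
            raise PermissionError(f"broker@{nxt} refused {src.name}:{op}")
        approved.append(nxt)
        layer = nxt
    return approved

def build_brokers() -> dict:
    """Constructed sample policy: 'app' may read down to the kernel, but only
    the layer-2 broker permits it to write."""
    return {0: Broker(0, {"app": {"read"}}),
            1: Broker(1, {"app": {"read"}}),
            2: Broker(2, {"app": {"read", "write"}})}

def demo() -> dict:
    app, brokers = Program("app", 3), build_brokers()
    out = {"read": route(app, 0, "read", brokers)}  # approved by 2, 1, 0
    try:
        route(app, 0, "write", brokers)
    except PermissionError as e:
        out["write"] = str(e)  # stopped at broker@1
    return out
```

A request from layer 3 to the kernel has to satisfy three separate brokers, which is the "chain multiple exploits" property the post is after; a single broker refusing ends the request.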
2 points · r/sandboxcontainment · +1 crossposts

Indirect Firewall Idea

The risk I want to stop is that programs can connect to the internet without my consent.

To connect to the internet, the network driver’s existence is a prerequisite.

So my idea is to modify the source code of the network driver to allow inputs only from specific programs. Maybe using PIDs or identity flags.

The desired result is that if a program isn’t whitelisted, the output isn’t allowed (using if/else logic).

u/themagicalfire — 1 day ago