I am more interested in papers proving that SIPs can't be exploited via logic error attacks, like what happened in Java Applets due to logic errors in the serialisation library.
SIPs do nothing for "We have learned that multiprocessing is the only safe path to program stability, ease of scaling across clusters and less security exploits."
Which was my whole point since the beginning.
Yeah, SIPs are nice, hardly any different from other managed OSes since the 60s, with Burroughs being the first one.
Many of those actually were used in production, while Singularity never left the crib, it died on version 2.0 with nothing more than a CLI interface.
Then everyone moved on to other projects, and hardly any security assessment was done of the whole stack, so how can you assert SIP capabilities to withstand a black hat attack?
SIPs are not new; those previous systems you mentioned are a form of them. Many shared a hardware address space across all processes and relied on the programming language being safe for isolation, but they were built in a time when running untrusted code was not really thought about; it was more about not crashing the whole system by accident.
SIPs are a form of multiprocessing designed for safety and stability, reducing exploits and potentially scaling across clusters. Singularity and Midori heavily relied on message passing for IPC, which would have allowed cluster scale-out.
These were research projects; there was plenty of security work available, some of which I linked. Much of the work revolved around verifiability of the code to guarantee no cross-process breakout without hardware checks.
How do you assert hardware checks can withstand a black hat attack? They obviously haven't been lately.
By doing what the Azure Sphere project has done: paying bounties to researchers to actually exploit systems in production, not just in theory.
JAAS and CAS were also secure until black hats started to look into them, and since they are beyond repair, have now been thrown away, replaced by OS containers and multiprocesses.
Because Singularity is hardly any different from something like SavaJe OS, in what concerns use of type safe programming language as security boundary.
It was abandoned in 2006, and SIPs were never validated in production under real attacks.
Even Midori had more real use, having powered an Asian Bing subnet for a while.
To worship it in 2021 is just theory without practical results.
I have concerns about hardware as a security boundary as well, more so lately, as should you, I hope, and it's much more difficult to patch hardware.
Again, Midori used SIPs, so it was validated in production, right?
Projecting worship onto me is not productive; no need to be childish about this. All the points you bring up for software isolation exist with hardware isolation; formal verification could help both, and there is a lot of work in that area.
I think software needs to become safe by default; the endless buffer overflows need to stop. If you then take the stance that user-land software must be written in a safe language, then the need for hardware isolation might not need to exist in its current form, and that's very interesting to me, that's all.
Also, Midori used SIPs, see "Execution Model" here: http://joeduffyblog.com/2015/11/19/asynchronous-everything/