Repy V2

RepyV2 library is made up of several layers

• It starts with a Sandbox Kernel layer, labelled 1 in the diagram   * This layer is small and is the only portion of the system that is part of the trusted code base (TCB)     * By keeping the TCB so small, we can avoid unnecessary compromises based on code needlessly being in the TCB

      \

• The next layer that exists in the RepyV2 architecture is the policy libraries   * These exist above the kernel and contain explicit capability passing and privileged operations through interaction with the kernel. This is labelled 3 in the diagram

    \

• Finally, we have the highest layer, the user code and standard library imports and the system library   * This code is untrusted, and executed on top of all of the previous layers. It interacts with the policies through the system library, which then goes down and interacts with the sandbox kernel only if the permissions check out

\