My question is: what kind of operating system design should be employed to make it as difficult as possible for companies like NSO to find useful exploits in smartphones/computers?
- I hear about exokernels, microkernels, monolithic kernels, unikernels, etc. What approach is the best?
- What language should it be written in? Rust? (I don't know if the memory-safety advantages of Rust bring something to the table in this case.)
- What design considerations should one put in place to make sure the OS is as secure as possible from bugs found in applications running on it? (A zero-click zero-day in WhatsApp should not allow someone to see my recent calls, peek into my gallery, etc.)
- How can I make it as difficult as possible for malware to be installed?
- I want it to be such that writing a zero-day exploit against the code is as difficult as possible.
- I also want it to be such that, if a zero-day exploit does exist, it is found as easily and quickly as possible.
It would piss them off if the malware 'thought' it got root but it didn't. This would be a decoy environment full of plausible-looking (non-sensitive) information, and the malware would report to the C2 with a bunch of benign data.
How to achieve this is the killer question though.