GitHub Repository

HIC: A hierarchical isolation kernel reference architecture. Unifying security, performance, and modularity in a single design, enabling deployment from embedded to cloud with full lifecycle evolution.

15 starsC

HIC – Same-Ring Isolation, 4ns IPC, Runs on 8086

Name: HIC – Same-Ring Isolation, 4ns IPC, Runs on 8086
Availability: InStock
Author: DslsDZC

by DslsDZC·Apr 28, 2026·1 point·1 comment

Visit Project View on HN

AI Analysis

●●●●GemWizardryZero to OneDark Horse

Same-ring isolation using MMU hardware to block addresses instead of software privilege switches.

Strengths

•Cross-domain calls execute in three instructions with no kernel code involvement.
•Hardware-enforced invariants hold even if the attacker controls the code.
•Architecture scales from 8086 segment descriptors to modern page tables.

Weaknesses

•Reference architecture lacks a full production-ready driver ecosystem.
•Extremely niche audience limited to low-level systems programmers.

Post Description

HIC is a capability-secure OS kernel. It isolates system services inside Ring 0. Each service occupies a separate physical address range. The MMU enforces the boundary.

There is no kernel IPC path. A cross-domain call is three instructions: call into an entry page, bt to test a domain ID against an authorization bitmap, jmp into the business logic. No privilege switch occurs. No kernel code runs during communication. Parameters travel in registers or shared memory.

A caller cannot name the address of business logic because no mapping exists in its page tables. The MMU hardware will not produce that address. This invariant holds regardless of what code the attacker executes.

The same guarantees hold without an MMU. On an 8086, segment descriptors replace page tables. The caller's LDT contains no descriptor for the business logic segment. Hardware refuses the far jump.

The architecture is documented in full. The critical instruction sequences are in the repository. You can count the cycles yourself.

Similar Projects

Developer Tools●●Solid

Plasmite – a lightweight IPC system that's fun

Persistent IPC channels survive reboots—unusual property most message systems lack.

Big BrainNiche Gem

sandover

912mo ago

Infrastructure●●●Banger

Tachyon: 56 ns zero-copy IPC across Python, Rust, Java

56 ns cross-language IPC beats iceoryx and Aeron on their own turf.

WizardryBig Brain

riyaneel

201mo ago

Developer Tools●Mid

GDSL – 800 line kernel: Lisp subset in 500, C subset in 1300

Compiler constraint craft with gem potential, but no repo or verifiable code to inspect.

Bold Bet

FirTheMouse

89203mo ago

Infrastructure●●Solid

Nucleus – A security-hardened, Nix-native container runtime

12ms container startup beats Docker's 500ms with Nix-native declarative config.

Niche GemBig Brain

0kenx

40134d ago

Security●●●Banger

Telos – eBPF/LSM Runtime Security for Autonomous AI Agents

Kernel-level intent tracking stops AI exfiltration where EDR and Docker fail.

WizardryBig BrainBold Bet

nevinshine

103mo ago

Health●Mid

Oura Ring 4, Thoughts?

The review zeroes in on what actually changed: recessed sensors, titanium comfort, and an 18-pathway Smart Sensing platform that promises better sleep and HRV data. It calls out useful features like automatic activity detection and 30+ tracked metrics, but glosses over the usual purchase blockers — battery life, subscription pricing, long-term accuracy, and data/privacy tradeoffs.

Crowd PleaserSlick

daveshappy

313mo ago