# EROS

> operating system developed beginning in 1991 by The EROS Group

**Wikidata**: [Q1275806](https://www.wikidata.org/wiki/Q1275806)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/EROS_(microkernel))  
**Source**: https://4ort.xyz/entity/eros-q1275806

## Summary
EROS (Extremely Reliable Operating System) is a security-focused operating system based on a capability-based architecture, development of which began in 1991 by The EROS Group. It is a research-oriented operating system that explores new approaches to security through its unique architectural design.

## Key Facts
- **Development Start**: 1991
- **Developer**: The EROS Group
- **Full Name**: Extremely Reliable Operating System
- **Also Known As**: E, EROS
- **Classification**: Security-focused operating system
- **Architecture**: Capability-based architecture, Microkernel
- **Type**: Research-oriented operating system
- **Wikipedia Title**: EROS (microkernel)
- **Available Languages**: Czech (cs), German (de), English (en), Portuguese (pt), Russian (ru)
- **Freebase ID**: /m/01zjpp
- **Sitelink Count**: 5
- **Related Project**: CapROS (open-source continuation of EROS)
- **Security Features**: Mandatory access control, minimal attack surface

## FAQs

### What is EROS and when was it developed?
EROS (Extremely Reliable Operating System) is a security-focused operating system that began development in 1991 by The EROS Group. It uses a capability-based architecture and microkernel design to provide enhanced security and reliability.

### What type of architecture does EROS use?
EROS uses a capability-based architecture with a microkernel design. This security model controls access to system resources through unforgeable tokens called capabilities, providing fine-grained access control.

### What is the relationship between EROS and CapROS?
CapROS is an open-source continuation of the EROS project. Both are research-oriented operating systems that explore capability-based security approaches, contributing to the broader understanding of secure computing systems.

### How does EROS differ from other security-focused operating systems?
EROS differs from systems like OpenBSD, GrapheneOS, and Kaspersky OS by focusing specifically on capability-based architecture as its primary security mechanism. While other systems may use approaches like sandboxing or code auditing, EROS implements security at the architectural level through its capability-based microkernel design.

### What security features does EROS provide?
EROS includes mandatory access control to enforce strict policies on what users and processes can access, a minimal attack surface by limiting unnecessary services, and enhanced protection through its capability-based architecture to resist attacks and protect user data.

### In what contexts is EROS used?
EROS is used primarily in research and development environments exploring new security models. Its applications include environments where security is paramount, such as systems requiring robust defense against attacks, data breaches, and unauthorized access.

## Why It Matters
EROS matters as a pioneering operating system that has contributed significantly to the field of secure computing through its capability-based architecture. Beginning its development in 1991, it represents one of the early explorations into fundamental architectural approaches to operating system security, predating many well-known security-focused systems.

The project demonstrates how operating systems can be designed from the ground up with security as a primary concern, rather than adding security features to existing architectures. Its capability-based model provides a fundamentally different approach to access control, offering theoretical and practical insights into how systems can be made more secure through architectural design rather than through patches and additional security layers.

EROS has influenced subsequent research and development in secure operating systems, with its continuation through CapROS ensuring ongoing contributions to security research. It serves as an important reference point for understanding alternative approaches to operating system security and has helped advance the broader understanding of how capability-based systems can provide robust security guarantees while maintaining system reliability.

## Notable For
- **Early Pioneer**: Beginning development in 1991, EROS was one of the earliest operating systems specifically designed around capability-based security
- **Capability-Based Architecture**: Pioneering implementation of capability-based access control as a fundamental operating system security mechanism
- **Microkernel Design**: Implementation of a microkernel architecture to minimize privileged code and reduce attack surfaces
- **Research Contribution**: Significant academic influence on understanding secure operating system architecture and capability-based systems
- **Academic Legacy**: Continuation through open-source projects like CapROS, demonstrating lasting impact on security research
- **Architectural Innovation**: Exploration of security models that differ fundamentally from traditional access control approaches
- **Reliability Focus**: Unique emphasis on both extreme reliability and security in operating system design

## Body

### History and Development
EROS (Extremely Reliable Operating System) began development in 1991 under The EROS Group. The operating system was designed as a research project to explore new approaches to security through capability-based architectures. Unlike commercial operating systems developed during the same period, EROS focused on fundamental security architecture rather than feature expansion or market adoption.

The project's development timeline places it among the early wave of security-focused operating systems, predating many well-known security distributions. Its research-oriented approach allowed for experimentation with novel security concepts that have influenced subsequent operating system design and academic research.

### Architecture and Security Model
EROS is built on a capability-based architecture using a microkernel design, representing a significant departure from traditional access control mechanisms. In a capability-based system, access to resources is controlled through unforgeable tokens (capabilities) that specify both the resource and the permissions associated with it. This approach provides several security advantages:

- **Fine-grained Access Control**: Capabilities enable precise control over what operations can be performed on specific resources
- **Minimal Privilege Principle**: The architecture naturally supports the principle of least privilege
- **Reduced Attack Surface**: By controlling access at the architectural level, the system minimizes potential entry points for attackers
- **Mandatory Access Control**: The capability model enforces strict policies on what users and processes can access

The microkernel architecture of EROS ensures that only essential functions run in kernel mode, further reducing the potential for security vulnerabilities and system crashes.

### Key Security Features
As a security-focused operating system, EROS implements several critical security features:

- **Mandatory Access Control (MAC)**: Enforces strict policies on what users and processes can access, reducing the risk of unauthorized actions
- **Minimal Attack Surface**: Reduces the number of potential entry points for attackers by limiting unnecessary services and features
- **Sandboxing**: Isolates applications to prevent them from affecting other parts of the system or accessing sensitive data
- **Enhanced Protection**: Built specifically to resist attacks and protect user data through architectural design

### Research Impact and Influence
EROS and its successor CapROS contribute to the broader understanding of secure computing and have influenced the development of future operating systems. As research-oriented systems, they explore new security models that differ from conventional approaches used in mainstream operating systems like Windows, macOS, or standard Linux distributions.

The project has academic significance in several areas:
- **Operating System Security**: Demonstrating how capability-based security can be implemented at the OS level
- **Reliable Computing**: Exploring architectural approaches to system reliability (as indicated by the name "Extremely Reliable Operating System")
- **Security Research**: Providing a platform for experimenting with novel security mechanisms and policies

### Related Projects and Continuations
The EROS project has spawned related work, most notably CapROS, which serves as an open-source continuation of the EROS research. This continuation demonstrates the ongoing relevance of the capability-based approach and ensures that the research and development initiated by EROS continues to contribute to the field of secure operating systems.

### Position in Security-Focused Operating System Landscape
EROS operates within the broader category of security-focused operating systems, alongside other notable systems such as:

- **OpenBSD**: A Unix-like operating system known for its focus on security and code correctness, released October 18, 1995
- **GrapheneOS**: A privacy-focused mobile OS based on Android, developed in Canada and founded in 2014
- **Kaspersky OS**: A proprietary operating system developed by Kaspersky Lab, introduced in February 2015 for embedded and industrial systems
- **TrustedBSD**: An extension of the FreeBSD operating system that adds security features like mandatory access control and event auditing
- **LibertyBSD**: A free operating system based on OpenBSD that removes non-free software components

While these systems share the common goal of enhanced security, EROS distinguishes itself through its fundamental architectural approach using capabilities, rather than focusing on code auditing, sandboxing, or policy enforcement as primary security mechanisms.

### Applications and Use Cases
Security-focused operating systems like EROS are used in various contexts, including:
- **Research and Development**: Exploring new security models and architectural approaches to secure computing
- **Personal Privacy**: Protecting individual users from surveillance and data breaches
- **Enterprise Security**: Securing corporate networks and sensitive business data
- **Government and Military**: Ensuring the confidentiality and integrity of classified information
- **Embedded Systems**: Providing secure environments for IoT devices and industrial control systems

### International Presence
The EROS documentation and information are available in multiple languages, including Czech, German, English, Portuguese, and Russian, indicating international interest and research collaboration in the project. This multilingual presence suggests that EROS has attracted attention from the global security research community and has been studied across different academic and research institutions worldwide.

### Technical Specifications
- **Wikidata Description**: Operating system developed beginning in 1991 by The EROS Group
- **Wikipedia Title**: EROS (microkernel)
- **Freebase ID**: /m/01zjpp
- **Sitelink Count**: 5
- **Available Languages**: cs, de, en, pt, ru

The system's classification as both a microkernel and capability-based operating system places it at the intersection of two important approaches to system design: minimalism in kernel design and capability-based security, making it a unique and influential project in operating system research.

## References

1. Freebase Data Dumps. 2013