Security & Sandbox

Kinetoor inherits Servo's multi-process security model and extends it with Empoorio-specific hardening.

Process isolation

  • Renderer processes are sandboxed at the OS level (roadmap: full sandbox on all platforms)
  • IPC via ipc-channel — typed messages, no shared mutable heap
  • Constellation enforces per-origin permissions and navigation policies

Content security

  • CSP (Content Security Policy) enforcement in the script pipeline
  • SRI (Subresource Integrity) for external scripts and styles
  • Mixed-content blocking — HTTPS upgrade for passive content
  • Certificate chain validation with user-visible TLS errors

Post-quantum TLS

The network stack uses Rustls with aws-lc-rs:

  • ML-KEM key exchange
  • ML-DSA signatures
  • Available when peers negotiate PQ cipher suites

Aephoron is among the first browsers targeting PQ-TLS natively in the transport layer.

Memory safety

Rust eliminates use-after-free and buffer overflows in engine code paths. SpiderMonkey remains in C++ but is isolated in a dedicated process with restricted IPC surface.

Web3 key isolation

Wallet private keys never enter the JavaScript heap. Signing requests cross a secure IPC bridge to Eoonia's OS enclave storage.
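
The isolation boundary described above, sketched as an added std-only Rust example (this is not Kinetoor's or Eoonia's code): a signer thread stands in for the enclave side, `toy_sign` is a placeholder for the real enclave signature, and `KeyMaterial`, `SignRequest` and the numeric key handles are assumed names.

```rust
// Added example: key-isolation pattern behind an IPC bridge (std only; not Kinetoor's code).
use std::sync::mpsc::{channel, Sender};
use std::thread;

/// The only message the script side can send: a key handle plus the bytes to
/// sign. The type has no field that could carry key material.
pub enum SignRequest {
    Sign { key_id: u32, payload: Vec<u8>, reply: Sender<Result<Vec<u8>, String>> },
}

/// Key bytes live only on the signer side: no Clone, no Debug, zeroed on drop.
struct KeyMaterial(Vec<u8>);
impl Drop for KeyMaterial {
    fn drop(&mut self) { for b in self.0.iter_mut() { *b = 0; } }
}

/// Placeholder keyed digest (FNV-1a over key || payload) standing in for the
/// real enclave signature; assumption, not a real signature scheme.
fn toy_sign(key: &KeyMaterial, payload: &[u8]) -> Vec<u8> {
    let mut h: u64 = 0xcbf29ce484222325;
    for b in key.0.iter().chain(payload) {
        h ^= *b as u64;
        h = h.wrapping_mul(0x100000001b3);
    }
    h.to_be_bytes().to_vec()
}

/// Spawn the signer side; the caller receives only a channel, never the keys.
pub fn spawn_signer(keys: Vec<(u32, Vec<u8>)>) -> Sender<SignRequest> {
    let (tx, rx) = channel::<SignRequest>();
    thread::spawn(move || {
        let keys: Vec<(u32, KeyMaterial)> =
            keys.into_iter().map(|(id, k)| (id, KeyMaterial(k))).collect();
        for req in rx {
            let SignRequest::Sign { key_id, payload, reply } = req;
            let result = keys.iter().find(|(id, _)| *id == key_id)
                .map(|(_, k)| toy_sign(k, &payload))
                .ok_or_else(|| format!("unknown key handle {key_id}"));
            let _ = reply.send(result);
        }
        // `keys` drops here, zeroing every KeyMaterial.
    });
    tx
}

/// Script-side call: sends handle and payload, gets back only a signature.
pub fn request_signature(bridge: &Sender<SignRequest>, key_id: u32, payload: &[u8])
    -> Result<Vec<u8>, String> {
    let (reply, wait) = channel();
    bridge.send(SignRequest::Sign { key_id, payload: payload.to_vec(), reply })
        .map_err(|e| e.to_string())?;
    wait.recv().map_err(|e| e.to_string())?
}
```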

Shields (Aephoron layer)

User-facing privacy controls built on Kinetoor's network and script hooks:

  • Tracker and ad blocking
  • Fingerprint resistance
  • Per-site shield toggles
  • On-device Ailoos — no cloud exfiltration of page content for AI features