I laughed out loud when I read on the Invisible Things Labs' Blog that Xen is "only" a "few hundreds of thousands of lines of code."[1] Sure, this is small compared to most modern monolithic desktop OSes, but it's not particularly small compared to a stripped-down Linux kernel build, and it's absolutely gigantic compared to a modern microkernel. The Nova Microhypervisor and seL4 are each about 9000 SLOC.
But when I shared this disbelief with a couple of friends who at least have a passing understanding of computer security, each of them just shrugged. And of course both Nova and seL4 have had a lot of trouble gaining any kind of foothold in the market.
Am I completely off base in thinking that it should be self-evident that one should start building any secure system by minimizing the size of one's trusted computing base? Or is the issue that applications are still the source of most vulnerabilities, so it's premature to try to make the kernel super secure? Or that there are too many ways to violate isolation in a microkernel by compromising shared server processes?
I ask because I am wondering if I should "learn to stop worrying and love the bomb" and (re-)embrace Xen and/or Linux, or if I should continue pursuing some approach along the lines of seL4/Nova/Genode for building secure systems?