seL4 has the lowest IPC overhead of any kernel and it's an order of magnitude faster than Linux [1]. But you are correct: switching cost amounts of noise when architectured correctly. LionsOS [2] (which is based on seL4) has some benchmarks showing improved performance over Linux [3].
I am betting you know what mandatory access control is ; ). They basically amount to a firewall that is placed on applications restricting what they can do. The rules are generally written by downstream distros and are divorced from the implementation. The problem is that it's hidden control flow, so the program just dies and can't fall back gracefully. Capability oriented APIs make broker processes and narrowing of permissions tractable.
I am betting you know what mandatory access control is ; ). They basically amount to a firewall that is placed on applications restricting what they can do. The rules are generally written by downstream distros and are divorced from the implementation. The problem is that it's hidden control flow, so the program just dies and can't fall back gracefully. Capability oriented APIs make broker processes and narrowing of permissions tractable.
[1]: https://sel4.systems/performance.html
[2]: https://lionsos.org/
[3]: https://trustworthy.systems/publications/papers/Heiser_25%3A...