@liw Here's a good start: http://mumble.net/~jar/pubs/secureos/secureos.html
Imagine if instead of (solitaire) running with your full authority, you passed in the authority you need, eg (solitaire get-input write-to-screen read-write-score-file)
Instead of solitaire being able to exfiltrate your private keys and cryptolocker your data, now solitaire doesn't even have network and general file access (only to the one file), you simply didn't pass access to it.
Lambda is your new security model now.
@cwebber Thanks, saved to my already long list of important things to read. At least that's not a 600-page textbook on software architecture.
Lars and friends