Kernel isolation of a Capability-based security Operating System