DISCLAIMER: These notes are from the defunct k8 project which precedes SquirrelJME. The notes for SquirrelJME start on 2016/02/26! The k8 project was effectively a Java SE 8 operating system and as such all of the notes are in the context of that scope. That project is no longer my goal as SquirrelJME is the spiritual successor to it.
Security wise, for normal processes and ones in containers accessing devices, the weakest link will be the joints where they connect. Say that there are two devices A and B. A is exploitable but the container does not have access to the device directly. Device B is known to communicate to device A so it would be possible to proxy attack device A to do bad things through B, if there are such flaws in B. I would need a system call and driver interface that is functional and effective but minimizes the risk of such attacks. However, reducing the utility of drivers reduces how much stuff they can do. However, drivers should not be doing everything they should remain simple and to the point.