I propose a technical definition of defend here. How well can we defend an application in Keykos?

Capability discipline allows the following promising beginning. Implement the application as a set of pages and nodes so that:

This pattern is similar to an application running on a dedicated machine and gains the security familiar in that case.