
Unikernels and MirageOS are a step up (or in same direction) from this work, actually. ;) Unikernels are similar to L4 community's device-driver reuse but often have a larger TCB from my reading. (Not an expert on unikernels, to be clear!) MirageOS combines virtualization-based security with language-based protections and good build tools to aim at more secure, special-purpose deployments. The two are similar. The Nizza Security Architecture and Genode Architecture have each been able to do this with more efficiency and smaller TCB (attack surface). MirageOS's use of language security is a differentiator that's orthogonal to other aspects. I've encouraged such things in Genode, etc., albeit with safer, low-level languages and static/dynamic analysis.

EDIT to Add: Just remembered that MILS separation kernel vendors (e.g. INTEGRITY-178B) have been doing this for over a decade with combinations such as sep kernel, Ada runtime for critical stuff, and user-mode VMs for legacy stuff. Long proven approach that mainstream is just catching up to.



