I've recently been working on a project that involves running several applications on a single server, some of which may come from sources that have not been verified for security. This is a typical example of shared hosting, which frequently poses security problems: with so much unverified user code running on the same server, some of that code may be malicious and attempt to gain access to areas it is not supposed to reach. To solve this problem, many web hosting companies started using virtual machines. The problem with these, however, is that they can be very expensive for companies to host (especially small businesses) because of the memory requirements they impose, the CPU time, and the power consumption.

To solve this problem, I developed a virtual OS (specifically for server hosting), written in C#, called IDWOS 2012. It is designed to isolate each process into its own virtual machine and prevent any kind of inter-application communication from occurring on the server. When each process on the server starts, it is assigned a security token, which must be passed to any "privileged function" on the system. The token determines what type of access the process has and allows the privileged function to be invoked in a secure context. For example, calling File.Open("C:\\myfile.txt", FileMode.Open) could redirect to a virtual filesystem instead of the actual hard drive. This is the default action; direct access to the system drive is only allowed if the application is "trusted" by the system administrator and allowed to perform this kind of interaction. Otherwise, all calls made by the virtual machine (process) are redirected to more secure functions, or simply not allowed at all (for example, P/Invoking and unsafe code are currently not supported).
I will release this under a GPL license for non-commercial use (open-source), and a paid license for commercial use.
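
A minimal sketch of the token-gated File.Open redirect described above, added here as an illustration and not taken from IDWOS 2012. The class names, the per-process directory layout and the vfs-demo root are assumptions.

```csharp
using System;
using System.IO;

// Hypothetical names throughout; this is not IDWOS code.
public sealed class SecurityToken
{
    public string ProcessId { get; }
    public bool Trusted { get; }   // granted by the system administrator

    // Internal: only the host assembly can mint tokens, not guest code.
    internal SecurityToken(string processId, bool trusted)
    {
        ProcessId = processId;
        Trusted = trusted;
    }
}

public static class SandboxedFile
{
    // Assumed layout: one directory per process under this root.
    private static readonly string VfsRoot =
        Path.Combine(Path.GetTempPath(), "vfs-demo");

    // Maps the path the guest asked for to the path actually opened.
    public static string Resolve(SecurityToken token, string requested)
    {
        if (token == null) throw new UnauthorizedAccessException("no token");
        if (token.Trusted) return Path.GetFullPath(requested);

        string root = Path.GetFullPath(Path.Combine(VfsRoot, token.ProcessId))
                      + Path.DirectorySeparatorChar;
        // Drop the drive or root ("C:\") so the request becomes relative.
        string relative =
            requested.Substring((Path.GetPathRoot(requested) ?? "").Length);
        string full = Path.GetFullPath(Path.Combine(root, relative));
        // Fail closed if ".." segments climb out of the process root.
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("path escapes virtual root");
        return full;
    }

    // Token-gated stand-in for File.Open(path, mode).
    public static FileStream Open(SecurityToken token, string path, FileMode mode)
    {
        string real = Resolve(token, path);
        if (!token.Trusted)
            Directory.CreateDirectory(Path.GetDirectoryName(real));
        return File.Open(real, mode);
    }
}
```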