question: formal model for static, dynamic predefined and dynamic and free schedules

[matu3ba]

I'm working on collecting sane security defaults to get as far as reasonably possible with currently available process based sandboxing solutions, more out of curiousity of what the actual design of process handling is and to make an (in)sane portable API from it.
See matu3ba/sandboxamples#7.

Are you aware of such, ideally formal, models and/or comparison with overview work how processes are organized in user land and how their permissions can be restricted on various Kernels?
If yes, can you recommond any state of art?

Feel free to close, if not in scope. Thanks.