The necessary technical and UI/UX difference would be capability-based (https://en.wikipedia.org/wiki/Capability-based_security) microkernels like Sel4 or Genode combined with high level user interfaces that allow one to monitor and control the rights and actual resource access and usage of programs
