5 مستودعات
Using hardware virtualization to create isolated memory partitions for sensitive workloads.
Distinct from Memory Isolation: Candidates focus on network lanes, AI agent memory, or Linux namespaces, not VBS-style OS isolation.
Explore 5 awesome GitHub repositories matching security & cryptography · Virtualization-Based Isolation. Refine with filters or upvote what's useful.
rkt is a secure Linux container engine and pod-native container manager. It provides a composable execution environment for launching and managing isolated application containers on Linux, serving as a runtime designed around open industry standards for image formats and networking interfaces. The system is distinguished by a pod-native execution model that groups multiple containers and shared resources into single, self-contained units. It utilizes pluggable execution engines to provide secure isolation, including the use of hardware-based virtualization to create security boundaries betwee
Uses hardware-based virtualization to establish a strong security boundary between the host and containers.
Harden-Windows-Security is a security hardening tool and framework designed to reduce the attack surface of the Windows operating system through policy enforcement. It provides a collection of security presets and templates to implement official hardening standards across multiple devices. The project distinguishes itself through a comprehensive execution control system, featuring a manager for Windows Application Control and a kernel protection suite. It implements strict trust models, including kernel-mode driver whitelisting, signed policy implementation on the EFI partition, and code inte
Creates secure memory partitions and lightweight environments to isolate sensitive workloads from the host operating system.
Lucet is a WebAssembly runtime and sandboxing compiler that translates WebAssembly bytecode into native machine code. It serves as a secure execution environment and native code generator designed to run untrusted code while preventing unauthorized access to host system resources. The project focuses on high-performance sandboxing by using ahead-of-time compilation to achieve near-native execution speeds. It implements software-based fault isolation and a host-call interface to manage secure communication and data exchange between the isolated module and the external host application. The sy
Implements software-based fault isolation to restrict memory access via guard pages and bounds checking.
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
Uses virtualization to create isolated environments that prevent malicious code from infecting host systems.
This project is an OCI-compatible container runtime that executes workloads within lightweight virtual machines. By leveraging hardware-based virtualization, it provides strong security isolation between containerized processes and the host operating system, serving as a drop-in replacement for traditional container execution environments. The runtime distinguishes itself through a hypervisor-agnostic architecture that abstracts underlying virtualization operations, allowing for consistent container lifecycle management across different backends. It integrates directly with standard container
Executes container workloads within dedicated lightweight virtual machines to provide strong security boundaries between the host and containerized processes.