3 个仓库
Binds each task to its own controlled view of the system through virtual, mapped, and isolated contexts, ensuring predictable behavior under concurrency and preemption.
Distinct from Execution Isolation: Distinct from Execution Isolation: focuses on kernel-level task isolation with virtual and mapped contexts, not general runtime security boundaries.
Explore 3 awesome GitHub repositories matching security & cryptography · Kernel Task Execution Isolations. Refine with filters or upvote what's useful.
CppGuide is a curated collection of educational resources and practical guides focused on C++ server development, Linux kernel internals, concurrent programming, network protocols, and security exploitation. It provides structured learning paths for backend developers, covering everything from interview preparation to building high-performance network servers and understanding operating system fundamentals. The guide distinguishes itself by offering in-depth, hands-on tutorials that walk through real-world implementations, including building a Redis-like server from scratch, designing custom
Explains kernel task execution isolation using virtual and mapped contexts.
Asterinas 是一个内存安全的操作系统内核,旨在防止数据竞争和内存损坏。它作为一个兼容 Linux-ABI 的内核,能够运行现有的 Linux 二进制文件和容器工作负载,同时提供声明式的操作系统分发模型。 该项目的特色在于充当虚拟机容器宿主机和机密计算客户机操作系统,使其能够在 Intel TDX 等硬件隔离的可信执行环境(TEE)中运行。它通过隔离不安全底层操作实现了最小化的可信计算基(TCB),并将核心内核机制与特定策略实现分离开来。 该系统涵盖了广泛的能力,包括物理和虚拟内存管理、对称多处理(SMP),以及针对各种 CPU 架构的硬件抽象。它还包括对安全容器运行时的支持、一套全面的网络和 Socket 原语,以及用于内核编译和仿真的专用工具链。 该项目支持在 x86-64、RISC-V 64 和 LoongArch 64 平台上进行多架构部署。
Creates isolated environments by disassociating processes from shared system resources.
The sandbox-sdk is a development kit designed for building secure, isolated execution environments on a global edge network. It provides a framework for creating ephemeral, containerized workspaces that allow developers to run untrusted code, manage build tasks, and host automated scripts without compromising host system security. By leveraging a serverless runtime, the platform enables the deployment of these environments directly at the network edge to ensure low-latency performance. The platform distinguishes itself by integrating language models with sandboxed execution, facilitating the
Runs automated scripts and long-running computational tasks within secure, isolated containers to maintain system stability.