2 repositories
Frameworks and modules that restrict process capabilities and protect the operating system kernel from exploits.
Distinct from Kernel Security Audits: Shortlist candidates focus on auditing and data splicing rather than runtime capability restriction modules.
This project is a Buildroot-based Linux distribution and embedded home server operating system designed to host containerized home automation services. It serves as a dedicated platform that manages the hardware and software requirements of a local smart home hub. The system is built as an immutable operating system, utilizing a read-only root filesystem and image-based updates to ensure consistent versioning and prevent accidental changes. It employs container-based process isolation to decouple applications from the core operating system. The platform provides a supervised container manage
Employs kernel-level security modules to restrict process capabilities and protect the underlying system.
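Asterinas is a memory-safe operating system kernel designed to prevent data races and memory corruption. As a Linux-ABI-compatible kernel, it can run existing Linux binaries and container workloads while providing a declarative OS distribution model. The project is distinguished by serving as a virtual-machine container host and as a confidential-computing guest operating system, which allows it to run inside hardware-isolated trusted execution environments (TEEs) such as Intel TDX. It achieves a minimal trusted computing base (TCB) by isolating unsafe low-level operations, and it separates core kernel mechanisms from specific policy implementations. The system covers a broad range of capabilities, including physical and virtual memory management, symmetric multiprocessing (SMP), and hardware abstraction for various CPU architectures. It also includes support for secure container runtimes, a comprehensive set of networking and socket primitives, and a dedicated toolchain for kernel compilation and emulation. The project supports multi-architecture deployment on x86-64, RISC-V 64, and LoongArch 64 platforms.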
Limits unsafe code execution by utilizing a minimal Trusted Computing Base in the construction of kernel modules.