Microsoft engineers and other stakeholders have been developing LiteBox as a security-focused library OS written in the Rust programming language and leveraging Linux Virtualization Based Security “LVBS”. The design is for LiteBox to operate as a secure kernel protecting the normal guest kernel via virtualization hardware.
LiteBox is self-described as:
LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various “North” shims and “South” platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired “North” interface when it is provided a Platform interface at its “South”. These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North–South pairs.
Example use cases include:
– Running unmodified Linux programs on Windows
– Sandboxing Linux applications on Linux
– Run programs on top of SEV SNP
– Running OP-TEE programs on Linux
– Running on LVBS
This Rust-based, security-essential OS project is open-source under the MIT license. LiteBox has yet to declare a stable release but the code is in the open and actively being developed on GitHub.
James Morris, the lead for Linux OS security and OSS engagement at Microsoft, announced yesterday the availability of LiteBox.
Those interested in this Microsoft open-source OS effort can learn more about LiteBox or check out the code via GitHub.
