Microsoft Research, in collaboration with various others, has just released LiteBox, a library operating system.
LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various “North” shims and “South” platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y
↫ LiteBox GitHub Pagenix/rustix-inspired “North” interface when it is provided aPlatforminterface at its “South”. These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North–South pairs.
Suggested use-cases are running unmodified Linux applications on Windows, sandboxing Linux applications on Linux, running OP-TEE applications on Linux, and more. It’s written in Rust, and the code is available on GitHub under an MIT license.
