--image=busybox sh / # f(){ f|f& };f # WARNING: Don't try this! Things We Have Done 1. Hardware Isolation 2. Security Tools - SELinux, Seccomp, AppArmor, Capabilities, Cgroup 3. Intrusion Detection hypervisors. It abstracts the common virtualization components which implements a Rust-based VMM. • Written in Rust: Memory-safe language • Secure: Minimal hardware emulation • Flexible: Easy to customize Rust-VMM crates. • The project focuses on running modern, cloud workloads, on top of a limited set of hardware architectures and platforms. Let’s demo Demo virtio-fs block vm-memory acpi linux-loader

Cloud/Edge Computing, AI, IoT, Programming Languages & Runtimes, Network, Virtualization, RISC-V, EDA, 5G/6G… Who Am I Agenda I. Background  Tech Stack  Project Sparrow Background Source: https://sel4.systems/About/seL4-whitepaper.pdf 1.2.1.2 Virtualization I. Background  seL4 is also a hypervisor Source: Source: https://sel4.systems/About/seL4-whitepaper.pdf I. Background  seL4 virtualization support with usermode VMMs Source: https://sel4.systems/About/seL4-whitepaper.pdf 1.2.1.3 Provable

No Synchronization latency • No memory/cache latency • No CPU cycles DLB-Assist Channel Intro Hardware Senders Receive Senders Senders Receive Receivers Channel/Queue DLB-Assist Channel removes the Department or Event Name 12 Intel Confidential MiNetRun – Rust Channel 12 DLB-Assist Channel Overview Hardware-Direct offloading • Can’t carry generic type • Escape safety track Message-Ownership Tracking Reclaiming • Reclaim Message-ID • Transfers Message-ID through HW Senders Receivers Channel Hardware Hardware Producer Consumer Give Ownership Take Ownership Message-ID Reclaiming Message- Ownership

removing artificial barriers that have made the accidental tasks inordinately hard, such as severe hardware constraints, awkward programming languages, lack of machine time. How much of what software engineers desperate cries for a silver bullet – something to make software costs drop as rapidly as computer hardware costs do…. Not only are there no silver bullets now in view, the very nature of software makes breakthrough promises to give the sort of magical results with which we are so familiar in the hardware area, we must consider those attacks which address the essence of the software problem, the formulation

重塑移动应用开发 PhoTto / image / chart Keystone Keystone is aiming to develop the most secure and easyuse hardware wallet for the Web3 world 利用 Rust 重塑移动应用开发 Photo / image / chart 采用 Rust 重构业务逻 辑的背景和动机 Performance

local_ref_count; }; std::atomic cctrl; atomic> Hang on… that’s 16 bytes • Rely on hardware support for 16-byte atomics. • Generally ubiquitous and widely available. • std::atomic might