Microsoft(US:MSFT) 程序员的那些事·2026-02-15 14:40Core Viewpoint - Microsoft has officially open-sourced LiteBox, an experimental "library operating system" developed in Rust, which significantly reduces the attack surface by streamlining the interface with the host system [1][3]. Group 1 - LiteBox is not a complete independent system but serves as a security isolation layer that can be embedded into applications or the kernel, retaining only the most essential system interfaces to minimize the attack surface [3]. - The project focuses on achieving easy interoperability between various "northbound" adaptation layers and "southbound" platforms, supporting both kernel and non-kernel usage scenarios [1]. - LiteBox inherently includes Rust's memory safety features, making it more stable and less vulnerable compared to traditional C/C++ sandboxes [4]. Group 2 - It is lighter than virtual machines and more secure than containers, supporting cross-platform execution of Linux programs and integration with hardware security features like AMD SEV-SNP, making it suitable for cloud services and enterprise-level high-security scenarios [4]. - The project is currently in the experimental stage, with interfaces still being iterated upon, and it is open-sourced under the MIT license, with code hosted on GitHub [4].