Linux Containers on MacOS and Windows.
The Docker daemon runs inside a lightweight Linux VM. The Docker client runs on the host OS (MacOS or Windows). Containers are connected to the host's native stacks via MirageOS interceptors (VPNKit and osxfs).
VPNKit transparently rewrites the network traffic so that Linux containers can use network ports on the MacOS host. osxfs transparently shares Apple Filesystem volumes with Linux containers (including filesystem events).
Holds 10 Bitcoins, and is designed to help the attacker.
Can be set up to talk to itself, with all traffic visible to the hacker. All source code is open, with a precise manifest on GitHub. Standard protocol implementation with no obfuscation.
There were many attacks during 3 years. Some found software bugs, but all resulted in clean exceptions and no data loss. The Bitcoins were safe.
A desktop operating system made up of multiple virtual machines, running under Xen.
To protect against buggy network drivers, the physical network hardware is accessed only by a dedicated (and untrusted) “NetVM”. NetVM is connected to the rest of the system via a separate (trusted) “FirewallVM”.
The resulting VM uses less than a tenth of the memory of the default FirewallVM. It boots several times faster and is much easier to audit or extend.