LITESHIELD - Secure Containers via Lightweight, Composable Userspace μKernel Services

USENIX via YouTube

Overview

Learn about LITESHIELD, a novel userspace isolation architecture for secure containers that fundamentally reexamines the boundary between user applications and system services in this 18-minute conference presentation from USENIX ATC '25. Discover how LITESHIELD decouples traditional guest kernel functionality into modular userspace microkernel (µkernel) services that communicate with guest applications through low-latency, shared-memory-based inter-process communication (IPC). Explore the system's approach to serving most Linux syscalls in userspace while enforcing a significantly reduced user-to-host interface with just 22 syscalls, achieving strong isolation comparable to virtual machines without the complexity of hypervisors and hardware virtualization. Understand how LITESHIELD provides a POSIX-compatible runtime with fine-grained syscall interception to support legacy applications and enables composable µkernel services that can integrate specialized userspace components such as networking and filesystems. Examine the implementation results demonstrating that LITESHIELD delivers strong isolation with performance comparable to traditional containers, presented by researchers from The University of Texas at Arlington and the Air Force Research Laboratory.

Syllabus

USENIX ATC '25 - LITESHIELD: Secure Containers via Lightweight, Composable Userspace μKernel...

Taught by

USENIX
