|
1 | 1 | # Architecture Overview |
2 | 2 |
|
| 3 | +## Architectural Model: Inverted VM |
| 4 | + |
| 5 | +Traditional virtual machines (Firecracker, QEMU) place the OS **inside** the VM — a hypervisor |
| 6 | +virtualizes hardware, and a guest kernel (Linux) runs on top: |
| 7 | + |
| 8 | +``` |
| 9 | +Traditional: VM contains OS |
| 10 | +
|
| 11 | + ┌────────────────────┐ |
| 12 | + │ Hypervisor / VM │ (Firecracker, QEMU, KVM) |
| 13 | + │ │ |
| 14 | + │ ┌──────────────┐ │ |
| 15 | + │ │ Guest OS │ │ (Linux kernel) |
| 16 | + │ │ │ │ |
| 17 | + │ │ ┌────────┐ │ │ |
| 18 | + │ │ │ Apps │ │ │ (ELF binaries) |
| 19 | + │ │ └────────┘ │ │ |
| 20 | + │ └──────────────┘ │ |
| 21 | + └────────────────────┘ |
| 22 | +``` |
| 23 | + |
| 24 | +Secure Exec inverts this: the OS is the **outer** layer, and execution engines (V8, WASM) are |
| 25 | +plugged **into** it. The kernel runs in the host process and mediates all I/O. There is no |
| 26 | +hypervisor — the isolation boundary is the V8 isolate and WASM sandbox, not hardware virtualization: |
| 27 | + |
| 28 | +``` |
| 29 | +Secure Exec: OS contains VMs |
| 30 | +
|
| 31 | + ┌──────────────────────────────────────────────┐ |
| 32 | + │ Virtual OS (packages/core/kernel/) │ |
| 33 | + │ VFS, process table, FD table, │ |
| 34 | + │ sockets, pipes, signals, permissions │ |
| 35 | + │ │ |
| 36 | + │ ┌─────────────────┐ ┌───────────────────┐ │ |
| 37 | + │ │ V8 Isolate │ │ WASM Runtime │ │ |
| 38 | + │ │ (Node.js) │ │ (V8 WebAssembly)│ │ |
| 39 | + │ │ │ │ │ │ |
| 40 | + │ │ JS scripts │ │ POSIX binaries │ │ |
| 41 | + │ └─────────────────┘ └───────────────────┘ │ |
| 42 | + └──────────────────────────────────────────────┘ |
| 43 | +``` |
| 44 | + |
| 45 | +### Comparison: Containers vs MicroVMs vs Secure Exec |
| 46 | + |
| 47 | +``` |
| 48 | +Container (Docker) |
| 49 | +
|
| 50 | + ┌───────────────────────────────────────────┐ |
| 51 | + │ Host Linux Kernel (shared) │ |
| 52 | + │ │ |
| 53 | + │ ┌─────────────────┐ ┌────────────────┐ │ |
| 54 | + │ │ Namespace + │ │ Namespace + │ │ |
| 55 | + │ │ cgroup jail │ │ cgroup jail │ │ |
| 56 | + │ │ │ │ │ │ |
| 57 | + │ │ ┌───────────┐ │ │ ┌──────────┐ │ │ |
| 58 | + │ │ │ App 1 │ │ │ │ App 2 │ │ │ |
| 59 | + │ │ │ ELF bins │ │ │ │ ELF bins │ │ │ |
| 60 | + │ │ └───────────┘ │ │ └──────────┘ │ │ |
| 61 | + │ └─────────────────┘ └────────────────┘ │ |
| 62 | + └───────────────────────────────────────────┘ |
| 63 | + Kernel is shared. Kernel vuln = all containers escape. |
| 64 | +
|
| 65 | +
|
| 66 | +MicroVM (Firecracker) |
| 67 | +
|
| 68 | + ┌───────────────────────────────────────────┐ |
| 69 | + │ Host Linux Kernel │ |
| 70 | + │ │ |
| 71 | + │ ┌─────────────────┐ ┌────────────────┐ │ |
| 72 | + │ │ KVM / VT-x │ │ KVM / VT-x │ │ |
| 73 | + │ │ (hypervisor) │ │ (hypervisor) │ │ |
| 74 | + │ │ │ │ │ │ |
| 75 | + │ │ ┌────────────┐ │ │ ┌──────────┐ │ │ |
| 76 | + │ │ │ Guest │ │ │ │ Guest │ │ │ |
| 77 | + │ │ │ Linux │ │ │ │ Linux │ │ │ |
| 78 | + │ │ │ Kernel │ │ │ │ Kernel │ │ │ |
| 79 | + │ │ │ │ │ │ │ │ │ │ |
| 80 | + │ │ │ ┌──────┐ │ │ │ │ ┌──────┐ │ │ │ |
| 81 | + │ │ │ │ App │ │ │ │ │ │ App │ │ │ │ |
| 82 | + │ │ │ └──────┘ │ │ │ │ └──────┘ │ │ │ |
| 83 | + │ │ └────────────┘ │ │ └──────────┘ │ │ |
| 84 | + │ └─────────────────┘ └────────────────┘ │ |
| 85 | + └───────────────────────────────────────────┘ |
| 86 | + Each VM has its own kernel. Hypervisor vuln = escape. |
| 87 | +
|
| 88 | +
|
| 89 | +Secure Exec |
| 90 | +
|
| 91 | + ┌───────────────────────────────────────────┐ |
| 92 | + │ Host Process (Node.js / Browser) │ |
| 93 | + │ │ |
| 94 | + │ ┌─────────────────┐ ┌────────────────┐ │ |
| 95 | + │ │ Virtual OS │ │ Virtual OS │ │ |
| 96 | + │ │ (SEOS kernel) │ │ (SEOS kernel) │ │ |
| 97 | + │ │ │ │ │ │ |
| 98 | + │ │ ┌────────────┐ │ │ ┌──────────┐ │ │ |
| 99 | + │ │ │ V8 / WASM │ │ │ │ V8 / WASM│ │ │ |
| 100 | + │ │ │ │ │ │ │ │ │ │ |
| 101 | + │ │ │ JS / WASM │ │ │ │ JS / WASM│ │ │ |
| 102 | + │ │ │ programs │ │ │ │ programs │ │ │ |
| 103 | + │ │ └────────────┘ │ │ └──────────┘ │ │ |
| 104 | + │ └─────────────────┘ └────────────────┘ │ |
| 105 | + └───────────────────────────────────────────┘ |
| 106 | + Each instance has its own kernel. V8/WASM vuln = escape. |
| 107 | +``` |
| 108 | + |
| 109 | +| | Container | MicroVM | Secure Exec | |
| 110 | +|--------------------|----------------------|-----------------------|-----------------------| |
| 111 | +| **Isolation** | Namespaces + cgroups | Hardware (VT-x/KVM) | V8 isolate + WASM | |
| 112 | +| **Kernel** | Shared host kernel | Dedicated guest kernel| Virtual POSIX kernel | |
| 113 | +| **Attack surface** | Host kernel syscalls | Hypervisor interface | JS/WASM sandbox | |
| 114 | +| **Boot time** | ~100ms | ~125ms | <5ms | |
| 115 | +| **Overhead** | Near-native | ~3-5% CPU/memory | V8/WASM overhead | |
| 116 | +| **Runs in browser**| No | No | Yes | |
| 117 | +| **Guest format** | ELF binaries | ELF binaries | JS scripts + WASM | |
| 118 | +| **Escape risk** | Kernel vuln = escape | Hypervisor vuln = escape | V8 vuln = escape | |
| 119 | + |
| 120 | +Key architectural differences: |
| 121 | +- **Containers** share the host kernel — a kernel vulnerability lets every container escape. The kernel is the trust boundary and the attack surface simultaneously. |
| 122 | +- **MicroVMs** run a dedicated guest kernel inside hardware virtualization. Stronger isolation (hypervisor boundary), but 100ms+ boot time and no browser support. |
| 123 | +- **Secure Exec** provides its own virtual kernel in userspace. No shared kernel attack surface (the virtual kernel is per-instance), no hardware requirements, millisecond boot. The tradeoff is that isolation depends on V8/WASM sandbox correctness rather than hardware enforcement. |
| 124 | + |
| 125 | +The WASI extensions (`native/wasmvm/crates/wasi-ext/`) bridge WASM syscalls into the OS kernel. |
| 126 | +The Node.js bridge (`packages/nodejs/src/bridge/`) does the same for V8 isolate code. Both are |
| 127 | +thin translation layers — the real implementation lives in the kernel. |
| 128 | + |
| 129 | +## Package Map |
| 130 | + |
3 | 131 | ``` |
4 | 132 | Kernel-first API (createKernel + mount + exec) |
5 | 133 | packages/core/ |
|
0 commit comments