Hacker News new | past | comments | ask | show | jobs | submit login

I thought that presentation was a little like looking at a hobby OS of a type, then attempting to draw security conclusions for all of that type.

The NanoVMs unikernel for example, is pretty small, DoD supported, and has:

ASLR

    Stack Randomization
    Heap Randomization
    Library Randomization
    Executable Randomization
Page Protections

    Stack Execution off by Default
    Heap Execution off by Default
    Null Page is Not Mapped
    Stack Cookies/Canaries
    Rodata no execute
    Text no write
STIG



Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: