From 719ac4c75ac979ef733aae6a20a70e6562516ddc Mon Sep 17 00:00:00 2001 From: Isaac Foster Date: Fri, 17 Jan 2025 12:02:39 -0500 Subject: [PATCH] Update security.md typo Signed-off-by: Isaac Foster --- docs/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security.md b/docs/security.md index bff64e44f..6f0ae8419 100644 --- a/docs/security.md +++ b/docs/security.md @@ -8,7 +8,7 @@ Hyperlight assumes that guest binaries are untrusted, and are running arbitrary, ### Hypervisor Isolation -Hyperlight runs all guest code inside a Virtual Machine, Each VM only has access to a very specific, small (by default) pre-allocated memory buffer in the host's process, no dynamic memory allocations are allowed. As a result, any attempt by the guest to read or write to memory anywhere outside of that particular buffer is caught by the hypervisor. Similarly, the guest VM does not have any access to devices since non are provided by the hyperlight host library, therefore there is no file, network, etc. access available to guest code. +Hyperlight runs all guest code inside a Virtual Machine, Each VM only has access to a very specific, small (by default) pre-allocated memory buffer in the host's process, no dynamic memory allocations are allowed. As a result, any attempt by the guest to read or write to memory anywhere outside of that particular buffer is caught by the hypervisor. Similarly, the guest VM does not have any access to devices since none are provided by the hyperlight host library, therefore there is no file, network, etc. access available to guest code. ### Host-Guest Communication (Serialization and Deserialization)