TinyKVM: Fast sandbox that runs on top of Varnish

The author introduces their work on TinyKVM, a KVM-based single-process sandbox for running regular Linux programs with very high performance. Its distinctive features include the ability to back guest memory with hugepages for higher performance, low overhead for function calls into the sandbox, and the option to halt execution after a given time limit without setting up a separate thread. The author highlights the security benefits of TinyKVM, such as making VMs ephemeral so that nothing persists between requests and no trace of a previous request remains. They also cover future work, drawbacks, and benchmarks, presenting TinyKVM as a fast and secure sandbox with a minimal attack surface.

https://info.varnish-software.com/blog/tinykvm-the-fastest-sandbox