Asterinas Open-Source Secure OS and Confidential Computing Stack Launched by Chinese Research Institutions

On October 22, the open‑source system software stack "Asterinas" (星绽) was released by a collaboration of Zhongguancun Laboratory, Ant Group, Peking University, Southern University of Science and Technology, and other industry‑academic partners, targeting secure, trustworthy computing foundations.

Asterinas includes two main projects: Asterinas OS, an industrial‑grade open‑source operating system kernel built with Rust and a novel in‑kernel architecture that minimizes unsafe code, and Asterinas Confidential Computing, which provides a trusted execution environment.

Asterinas OS supports x86 and RISC‑V architectures, is Linux‑compatible with over 170 system calls, can run web services, and matches mainstream Linux performance on LMbench benchmarks; its code is hosted on GitHub under the MPL license.

The confidential computing side comprises three core components—HyperEnclave, Occlum, and TrustFlow—forming a stack from secure virtualization to trusted services, enabling large‑scale data‑flow security and addressing challenges such as CPU root of trust and side‑channel mitigation.

Recent deployments include Hangzhou's first national confidential computing center using Asterinas Confidential Computing as a security foundation, and the "Farmers’ Instant Loan" project, which built a confidential spatiotemporal computing platform serving over 6 million farmers.

Ant Group’s Vice President and Chief Security Officer Wei Tao highlighted the need for native security paradigms in the era of AI, big data, and industrial‑scale system software, while academician Ni Guangnan emphasized open‑source as a driver for global technological innovation and digital economy development.