A challenge in constructing these security kernels is deciding what should go into them.
Crash Course Computer Science
One of the holy grails of system-level security is a "security kernel" or a "trusted computing base": a minimal set of operating system software that's close to provably secure.