Abstract / Description of output
The unikernel is an emerging operating system model offering lightweightness, security and performance benefits. In this paper we argue that a fundamental design principle of unikernels, the fact that one instance is viewed as a single unit of trust, is not suitable for the high security requirements of today’s cloud applications. We advocate for the introduction of intra-unikernel isolation. We observe that some unikernel benefits derive from another fundamental design principle: the presence of a single address space. We investigate bringing intra-unikernel isolation without breaking that principle with the help of hardware technologies in the form of modern (Intel Memory Protection Keys) and future (hardware capabilities) Instruction Set Architecture extensions.
Original language | English |
---|---|
Number of pages | 4 |
Publication status | Published - 27 Apr 2020 |
Event | The 10th Workshop on Systems for Post-Moore Architectures - Heraklion, Greece; Duration: 27 Apr 2020 → 27 Apr 2020; Conference number: 10 |
Workshop
Workshop | The 10th Workshop on Systems for Post-Moore Architectures |
---|---|
Abbreviated title | SPMA 2020 |
Country/Territory | Greece |
City | Heraklion |
Period | 27/04/20 → 27/04/20 |