The Case for Intra-Unikernel Isolation

Pierre Olivier, Antonio Barbalace, Binoy Ravindran

Research output: Contribution to conference › Paper › peer-review

Abstract

The unikernel is an emerging operating system model offering lightweightness, security and performance benefits. In this paper we argue that a fundamental design principle of unikernels, the fact that one instance is viewed as a single unit of trust, is not suitable for the high security requirements of today’s cloud applications. We advocate for the introduction of intra-unikernel isolation. We observe that some unikernel benefits derive from another fundamental design principle: the presence of a single address space. We investigate bringing intra-unikernel isolation without breaking that principle with the help of hardware technologies in the form of modern (Intel Memory Protection Keys) and future (hardware capabilities) Instruction Set Architecture extensions.
Original language: English
Number of pages: 4
Publication status: Published - 27 Apr 2020
Event: The 10th Workshop on Systems for Post-Moore Architectures - Heraklion, Greece
Duration: 27 Apr 2020 to 27 Apr 2020
Conference number: 10

Workshop

Workshop: The 10th Workshop on Systems for Post-Moore Architectures
Abbreviated title: SPMA 2020
Country: Greece
City: Heraklion
Period: 27/04/20 to 27/04/20
