The Case for Intra-Unikernel Isolation

Pierre Olivier, Antonio Barbalace, Binoy Ravindran

Research output: Contribution to conference, Paper, peer-review


The unikernel is an emerging operating system model offering lightweightness, security and performance benefits. In this paper we argue that a fundamental design principle of unikernels, the fact that one instance is viewed as a single unit of trust, is not suitable for the high security requirements of today’s cloud applications. We advocate for the introduction of intra-unikernel isolation. We observe that some unikernel benefits derive from another fundamental design principle: the presence of a single address space. We investigate bringing intra-unikernel isolation without breaking that principle with the help of hardware technologies in the form of modern (Intel Memory Protection Keys) and future (hardware capabilities) Instruction Set Architecture extensions.
Original language: English
Publication status: Accepted/In press - 17 Mar 2020
Event: The 10th Workshop on Systems for Post-Moore Architectures - Virtual
Duration: 27 Apr 2020 → 27 Apr 2020


Workshop: The 10th Workshop on Systems for Post-Moore Architectures

