Abstract
The unikernel is an emerging operating system model offering lightweightness, security and performance benefits. In this paper we argue that a fundamental design principle of unikernels, the fact that one instance is viewed as a single unit of trust, is not suitable for the high security requirements of today’s cloud applications. We advocate for the introduction of intra-unikernel isolation. We
observe that some unikernel benefits derive from another fundamental design principle: the presence of a single address space. We investigate bringing intra-unikernel isolation without breaking that principle with the help of hardware technologies in the form of modern (Intel Memory Protection Keys) and future (hardware capabilities) Instruction Set Architecture extensions.
observe that some unikernel benefits derive from another fundamental design principle: the presence of a single address space. We investigate bringing intra-unikernel isolation without breaking that principle with the help of hardware technologies in the form of modern (Intel Memory Protection Keys) and future (hardware capabilities) Instruction Set Architecture extensions.
| Original language | English |
|---|---|
| Publication status | Accepted/In press - 17 Mar 2020 |
| Event | The 10th Workshop on Systems for Post-Moore Architectures - Virtual Duration: 27 Apr 2020 → 27 Apr 2020 |
Workshop
| Workshop | The 10th Workshop on Systems for Post-Moore Architectures |
|---|---|
| City | Virtual |
| Period | 27/04/20 → 27/04/20 |