A security perspective on Unikernels

Talbot, Joshua and Pikula, Przemek and Sweetmore, Craig and Rowe, Samuel and Hindy, Hanan and Tachtatzis, Christos and Atkinson, Robert and Bellekens, Xavier (2020) A security perspective on Unikernels. In: International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), 2020-06-15 - 2020-06-19, held online (virtual). (https://doi.org/10.1109/CyberSecurity49315.2020.91...)

[thumbnail of Talbot-etal-IEEECS-2020-A-security-perspective-on-Unikernels]
Preview
 Text. Filename: Talbot_etal_IEEECS_2020_A_security_perspective_on_Unikernels.pdf
Accepted Author Manuscript
Download (871kB)| Preview

Abstract

Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.

ORCID iDs

Talbot, Joshua, Pikula, Przemek, Sweetmore, Craig, Rowe, Samuel, Hindy, Hanan, Tachtatzis, Christos ORCID logoORCID: https://orcid.org/0000-0001-9150-6805, Atkinson, Robert ORCID logoORCID: https://orcid.org/0000-0002-6206-2229 and Bellekens, Xavier ORCID logoORCID: https://orcid.org/0000-0003-1849-5788;
CORE (COnnecting REpositories)