TL;DR
This paper explores the security aspects of unikernels, highlighting their advantages in reducing attack surfaces and analyzing vulnerabilities within the unikernel ecosystem through various use-cases.
Contribution
It provides a comprehensive overview of unikernel security, including vulnerabilities and their implications, offering a novel analysis of the unikernel security landscape.
Findings
Unikernels have a smaller attack surface compared to traditional OS environments.
Vulnerabilities specific to unikernels are identified and analyzed.
Security implications vary across different use-cases.
Abstract
Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and…
