TL;DR
This paper compares various cloud isolation platforms, evaluating their performance and security, revealing that containers offer near-native performance, while unikernels provide the highest isolation.
Contribution
It provides a comprehensive experimental analysis of containers, secure containers, hypervisors, and unikernels, highlighting their performance and isolation trade-offs.
Findings
Containers have near-native performance.
Secure containers suffer from overheads.
Unikernels offer the highest degree of isolation.
Abstract
With the ever-increasing pervasiveness of the cloud computing paradigm, strong isolation guarantees and low performance overhead from isolation platforms are paramount. An ideal isolation platform offers both: an impermeable isolation boundary while imposing a negligible performance overhead. In this paper, we examine various isolation platforms (containers, secure containers, hypervisors, unikernels), and conduct a wide array of experiments to measure the performance overhead and degree of isolation offered by the platforms. We find that container platforms have the best, near-native, performance while the newly emerging secure containers suffer from various overheads. The highest degree of isolation is achieved by unikernels, closely followed by traditional containers.
