A Survey of Unikernel Security: Insights and Trends from a Quantitative Analysis
Alex Wollman (1), John Hastings (1) ((1) Dakota State University)

TL;DR
This paper surveys unikernel security, analyzing research trends and highlighting underexplored attack surfaces, in particular the prominence of security features such as SGX in the literature and the neglect of others such as ASLR and DEP.
Contribution
It introduces a quantitative TF-IDF methodology to analyze security research focus areas within unikernel literature from 2013 to 2023.
Findings
SGX is the most frequently discussed security feature.
Memory protection extensions and DEP are rarely addressed.
The analysis reveals gaps and priorities in unikernel security research.
Abstract
Unikernels, an evolution of LibOSs, are emerging as a virtualization technology to rival those currently used by cloud providers. Unikernels combine the user and kernel space into one "uni"fied memory space and omit functionality that is not necessary for its application to run, thus drastically reducing the required resources. The removed functionality however is far-reaching and includes components that have become common security technologies such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Non-executable bits (NX bits). This raises questions about the real-world security of unikernels. This research presents a quantitative methodology using TF-IDF to analyze the focus of security discussions within unikernel research literature. Based on a corpus of 33 unikernel-related papers spanning 2013-2023, our analysis found that Memory Protection…
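The TF-IDF approach named in the abstract can be sketched as follows. This is an added example, not the paper's code: the feature vocabulary, the smoothed IDF formula, the summed-score ranking and the four sample texts are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Security-feature vocabulary with spelled-out aliases (assumed; the paper's term list is not on this page).
FEATURES = {
    "sgx": r"\bsgx\b",
    "aslr": r"\baslr\b|address space layout randomization",
    "dep": r"\bdep\b|data execution prevention",
    "nx": r"\bnx\b|non-executable",
}

# Constructed stand-ins for paper texts, not excerpts from the surveyed corpus.
CORPUS = {
    "paper_a": "We port the unikernel to SGX enclaves. SGX attestation protects the image.",
    "paper_b": "The library OS runs inside SGX; ASLR is left as future work.",
    "paper_c": "Boot time and image size of the unikernel are measured on KVM.",
    "paper_d": "Without address space layout randomization or data execution prevention, "
               "a single overflow in the unikernel is enough. SGX is out of scope.",
}

def feature_counts(text):
    """Count case-insensitive matches of each feature pattern in one document."""
    low = text.lower()
    return Counter({f: len(re.findall(p, low)) for f, p in FEATURES.items()})

def tfidf(corpus):
    """Return ({doc: {feature: tf*idf}}, df) with tf = count/tokens and smoothed idf."""
    counts = {d: feature_counts(t) for d, t in corpus.items()}
    n = len(corpus)
    df = {f: sum(1 for c in counts.values() if c[f] > 0) for f in FEATURES}
    idf = {f: math.log((1 + n) / (1 + df[f])) + 1 for f in FEATURES}
    scores = {}
    for d, text in corpus.items():
        tokens = max(len(re.findall(r"[a-z0-9-]+", text.lower())), 1)
        scores[d] = {f: counts[d][f] / tokens * idf[f] for f in FEATURES}
    return scores, df

def rank_features(corpus):
    """Rank features by summed TF-IDF across the corpus, highest first."""
    scores, df = tfidf(corpus)
    totals = {f: sum(s[f] for s in scores.values()) for f in FEATURES}
    return sorted(totals, key=totals.get, reverse=True), totals, df

if __name__ == "__main__":
    order, totals, df = rank_features(CORPUS)
    for f in order:
        print(f"{f:5s} docs={df[f]} total_tfidf={totals[f]:.4f}")
```

A feature that never appears scores zero no matter how large its IDF is, which is how an absent mitigation shows up as a gap in this kind of ranking.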
Taxonomy
Topics: Security and Verification in Computing · Radiation Effects in Electronics · Advanced Malware Detection Techniques
