A security perspective on Unikernels

Joshua Talbot; Przemek Pikula; Craig Sweetmore; Samuel Rowe; Hanan Hindy; Christos Tachtatzis; Robert Atkinson; Xavier Bellekens

doi:10.1109/CyberSecurity49315.2020.9138883

A security perspective on Unikernels

Joshua Talbot, Przemek Pikula, Craig Sweetmore, Samuel Rowe, Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Xavier Bellekens

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

33 Downloads (Pure)

Abstract

Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.

Original language	English
Title of host publication	International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020)
Publisher	IEEE
Chapter	20
Number of pages	7
ISBN (Electronic)	9781728164281
ISBN (Print)	9781728164298
DOIs	https://doi.org/10.1109/CyberSecurity49315.2020.9138883
Publication status	Published - 13 Jul 2020
Event	Cyber Security 2020: Advancing a multidisciplinary approach to Cyber Security - held online (virtual), Dublin, Ireland Duration: 15 Jun 2020 → 19 Jun 2020 http://www.c-mric.com/cs2020

Conference

Conference	Cyber Security 2020
Country	Ireland
City	Dublin
Period	15/06/20 → 19/06/20
Internet address	http://www.c-mric.com/cs2020

Access to Document

10.1109/CyberSecurity49315.2020.9138883

Hindy_ASecurityPerspectiveOnUnikernels_Accepted_2020Accepted author manuscript, 480 KB

Fingerprint Dive into the research topics of 'A security perspective on Unikernels'. Together they form a unique fingerprint.

Cite this

Talbot, J., Pikula, P., Sweetmore, C., Rowe, S., Hindy, H., Tachtatzis, C., Atkinson, R., & Bellekens, X. (2020). A security perspective on Unikernels. In International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020) IEEE . https://doi.org/10.1109/CyberSecurity49315.2020.9138883

@inproceedings{f35f8be5791c472ea452ff9f1fdb0e7d,

title = "A security perspective on Unikernels",

abstract = "Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.",

author = "Joshua Talbot and Przemek Pikula and Craig Sweetmore and Samuel Rowe and Hanan Hindy and Christos Tachtatzis and Robert Atkinson and Xavier Bellekens",

year = "2020",

month = jul,

day = "13",

doi = "10.1109/CyberSecurity49315.2020.9138883",

language = "English",

isbn = "9781728164298",

booktitle = "International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020)",

publisher = "IEEE ",

note = "Cyber Security 2020 : Advancing a multidisciplinary approach to Cyber Security ; Conference date: 15-06-2020 Through 19-06-2020",

url = "http://www.c-mric.com/cs2020",

}

A security perspective on Unikernels. / Talbot, Joshua; Pikula, Przemek; Sweetmore, Craig; Rowe, Samuel; Hindy, Hanan; Tachtatzis, Christos; Atkinson, Robert; Bellekens, Xavier.

International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020). IEEE , 2020.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A security perspective on Unikernels

AU - Talbot, Joshua

AU - Pikula, Przemek

AU - Sweetmore, Craig

AU - Rowe, Samuel

AU - Hindy, Hanan

AU - Tachtatzis, Christos

AU - Atkinson, Robert

AU - Bellekens, Xavier

PY - 2020/7/13

Y1 - 2020/7/13

N2 - Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.

AB - Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.

U2 - 10.1109/CyberSecurity49315.2020.9138883

DO - 10.1109/CyberSecurity49315.2020.9138883

M3 - Conference contribution

SN - 9781728164298

BT - International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020)

PB - IEEE

T2 - Cyber Security 2020

Y2 - 15 June 2020 through 19 June 2020

ER -