Unikernel Security Analysis


Playlists: 'gpn20' videos starting here / audio

This talk will give an introduction into the concept of unikernels and basic operating system security features and will discuss how this security features are (not) implemented in unikernels.

When creating a unikernel, the application is compiled together with an operating system library into a single address space image. Thus, it only contains the code necessary to fulfill the single purpose it was created for. Most unikernels run on top of a hypervisor. Due to the minimalist approach, unikernels are very resource efficient, which makes them attractive for cloud and high performance computing.
Multiple unikernels claim to be more secure than a traditional operating system due to their massively reduced attack surface. But is this really true? Or are they too minimalist and leave out important security features? What are the implications of a single address space? Is every security problem solved when rewriting the unikernel in Rust?

While there are multiple papers analyzing unikernels from a performance perspective, there are only few analyzing them from a security perspective and none of them analyzes a unikernel written in a memory safe language from scratch.
Thus, I decided to analyze and discuss unikernel security in my master thesis. The core part is an extensive analysis of the RustyHermit unikernel, a unikernel written in Rust and developed as a research project at RWTH Aachen University. In addition, I analyzed multiple unikernels for the most basic security features present in traditional operating systems, e.g. ASLR, W^X and stack canaries.