Unikernels for Cloud Architectures: How Single Responsibility can Reduce Complexity, Thus Improving Enterprise Cloud Security

  title={Unikernels for Cloud Architectures: How Single Responsibility can Reduce Complexity, Thus Improving Enterprise Cloud Security},
  author={Andreas Happe and Bob Duncan and Alfred Bratterud},
  booktitle={International Conference on Complex Information Systems},
ACKNOWLEDGEMENTS This work was in part funded by the European Commission through grant agreement no 644962 (PRISMACLOUD). 

Figures from this paper

History of Cloud Application Architectures From Deployment Monoliths via Microservices to Serverless Architectures and Possible Roads Ahead-A Review from the Frontline ( invited paper )

A review of cloud application architecture architectures and its evolution is presented, finding a decentralizing trend in cloud application architectures is observable that emphasizes decentralized architectures known from former peer-to-peer based approaches.

Cloud Cyber Security: Finding an Effective Approach with Unikernels

A range of issues, which need to be dealt with properly to ensure a robust level of security and privacy can be achieved are identified and a novel means of effectively and efficiently achieving these goals through the use of well-designed unikernel-based systems is proposed.

Achieving GDPR Compliance with Unikernels

This work addresses the problem of the Cloud Forensic Problem through the use of Unikernel based monitoring systems which can ensure both full forensic and audit trails can be maintained.

A Brief History of Cloud Application Architectures

A review of cloud application architectures and its evolution is presented, reports observations being made during a research project that tackled the problem to transfer cloud applications between different cloud infrastructures, and identifies a decentralizing trend that emphasizes decentralized architectures known from former peer-to-peer based approaches.

Advances in Security in Computing and Communications

This book presents some of the state-of-the-art research work in the field of cryptography and security in computing and communications and is a valuable source of knowledge for re-searchers, engineers, practitioners, graduates, and doctoral students who are working in the fields of cryptography, network security, and security and privacy issues in the Internet of Things.

Evaluation of the trust values among human resources in the enterprise cloud using an optimization algorithm and fuzzy logic

A fuzzy-based method and firefly optimization algorithm are suggested for optimizing HR vulnerabilities while mitigating security expenses in organizational cloud environments to maximize the covered human resource vulnerabilities and minimize the security costs in the enterprise cloud.

Attackers Constantly Threaten the Survival of Organisations, but there is a New Shark in the Water: Carcharodon Carcharias Moderator Europa Universalis

  • B. Duncan
  • Political Science
    2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
  • 2018
The need for all such organisations to be aware of the serious pitfalls they face when considering the impact of this regulation should they fail to be compliant is highlighted.



Enhancing Cloud Security and Privacy: The Unikernel Solution

The technical details of a new approach to addressing cloud security and privacy by utilising a unikernel based solution are outlined, identifying how this new approach can better address the issues involved.

Jitsu: Just-In-Time Summoning of Unikernels

Jitsu is presented, a new Xen toolstack that satisfies the demands of secure multitenant isolation on resource-constrained embedded ARM devices by using unikernels: lightweight, compact, single address space, memory-safe virtual machines (VMs) written in a high-level language.

Unikernels: Rise of the Virtual Library Operating System

The basic enabling technology for the cloud is operating-system virtualization such as Xen1 or VMWare, which allows customers to multiplex VMs on a shared cluster of physical machines.

Unikernels: library operating systems for the cloud

The Mirage prototype compiles OCaml code into unikernels that run on commodity clouds and offer an order of magnitude reduction in code size without significant performance penalty, and demonstrates that the hypervisor is a platform that overcomes the hardware compatibility issues that have made past library operating systems impractical to deploy in the real-world.

Analysis of Docker Security

This paper analyzes the security level of Docker, a well-known representative of container-based approaches, and considers how Docker interacts with the security features of the Linux kernel, such as SELinux and AppArmor, in order to harden the host system.

Consistency Tradeoffs in Modern Distributed Database System Design: CAP is Only Part of the Story

A proposed new formulation, PACELC, unifies this tradeoff with CAP, which has had a more direct influence on several well-known DDBSs.

Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors

This paper describes the design and implementation of Linux-VServer, an alternative to hypervisors that is better suited to scenarios that require system virtualization with high degrees of both isolation and efficiency, and shows how Linux- VServer provides comparable support for isolation and superior system efficiency.

IncludeOS: A Minimal, Resource Efficient Unikernel for Cloud Services

IncludeOS is presented, a single tasking library operating system for cloud services, written from scratch in C++, with key features including: extremely small disk-and memory footprint, efficient asynchronous I/O, OS-library where only what your service needs gets included, and only one device driver by default (virtio).

Virtual Machine Isolation - A Survey on the Security of Virtual Machines

A special focus of the survey is on hardware limitations to support virtualization, and the conclusion drawn is that hardware limitations of different types are the root cause of most of the security issues.

Automating Isolation and Least Privilege in Web Services

The design and implementation of Passe is described, a system that protects a data store from unintended data leaks and unauthorized writes even in the face of application compromise, and it mitigate the cross-component effects of cross-site scripting (XSS) attacks by combining browser HTML5 sandboxing techniques with its automatic component separation.