Unikernels for Cloud Architectures: How Single Responsibility can Reduce Complexity, Thus Improving Enterprise Cloud Security

Authors: A. Happe, B. Duncan, Alfred Bratterud
Acknowledgements: This work was in part funded by the European Commission through grant agreement no. 644962 (PRISMACLOUD).
A Continuous Delivery Strategy for Unikernel-Based Cloud Services
History of Cloud Application Architectures From Deployment Monoliths via Microservices to Serverless Architectures and Possible Roads Ahead - A Review from the Frontline (invited paper)
A review of cloud application architectures and their evolution is presented, finding an observable decentralizing trend in cloud application architectures that emphasizes decentralized architectures known from former peer-to-peer based approaches.
Cloud Cyber Security: Finding an Effective Approach with Unikernels
A range of issues that need to be dealt with properly to ensure a robust level of security and privacy can be achieved is identified, and a novel means of effectively and efficiently achieving these goals through the use of well-designed unikernel-based systems is proposed.
Attackers Constantly Threaten the Survival of Organisations, but there is a New Shark in the Water: Carcharodon Carcharias Moderator Europa Universalis
  • B. Duncan
  • Business, Computer Science
  • 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
  • 2018
The need for all such organisations to be aware of the serious pitfalls they face when considering the impact of this regulation should they fail to be compliant is highlighted.


Enhancing Cloud Security and Privacy: The Unikernel Solution
The technical details of a new approach to addressing cloud security and privacy by utilising a unikernel-based solution are outlined, identifying how this new approach can better address the issues involved.
Enterprise IoT Security and Scalability: How Unikernels can Improve the Status Quo
This paper outlines how a unikernel solution could be used to improve security and privacy in a cloud scenario and how this approach might apply to the Internet of Things, which can demonstrate an improvement over existing approaches.
Jitsu: Just-In-Time Summoning of Unikernels
Jitsu is presented, a new Xen toolstack that satisfies the demands of secure multitenant isolation on resource-constrained embedded ARM devices by using unikernels: lightweight, compact, single address space, memory-safe virtual machines (VMs) written in a high-level language.
Unikernels: Rise of the Virtual Library Operating System
Cloud computing has been pioneering the business of renting computing resources in large data centers to multiple (and possibly competing) tenants. The basic enabling technology for the cloud is…
Enhancing cloud security and privacy: Time for a new approach?
The main thrust of this paper is to discuss the key issues which need to be addressed, noting which of those might be covered by the proposed approach and how this proposed approach may help better address the key security issues.
Unikernels: library operating systems for the cloud
The Mirage prototype compiles OCaml code into unikernels that run on commodity clouds and offer an order of magnitude reduction in code size without significant performance penalty, and demonstrates that the hypervisor is a platform that overcomes the hardware compatibility issues that have made past library operating systems impractical to deploy in the real world.
Analysis of Docker Security
This paper analyzes the security level of Docker, a well-known representative of container-based approaches, and considers how Docker interacts with the security features of the Linux kernel, such as SELinux and AppArmor, in order to harden the host system.
Application and analysis of the virtual machine approach to information system security and isolation
This paper shows that a combined virtual machine monitor/operating system (VMM/OS) approach to information system isolation provides substantially better software security than a conventional multiprogramming operating system approach.
Consistency Tradeoffs in Modern Distributed Database System Design: CAP is Only Part of the Story
A proposed new formulation, PACELC, unifies this tradeoff with CAP, which has had a more direct influence on several well-known DDBSs.
Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors
This paper describes the design and implementation of Linux-VServer, an alternative to hypervisors that is better suited to scenarios that require system virtualization with high degrees of both isolation and efficiency, and shows how Linux-VServer provides comparable support for isolation and superior system efficiency.