GPN20:Unikernel Security Analysis

aus dem Wiki des Entropia e.V., CCC Karlsruhe
Version vom 26. Mai 2022, 21:03 Uhr von Fahrplanbot (Diskussion | Beiträge) (Fahrplanbot tut Dinge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springenZur Suche springen

Ein Vortrag von harryr auf der GPN20.

When creating a unikernel, the application is compiled together with an operating system library into a single address space image. Thus, it only contains the code necessary to fulfill the single purpose it was created for. Most unikernels run on top of a hypervisor. Due to the minimalist approach, unikernels are very resource efficient, which makes them attractive for cloud and high performance computing. Multiple unikernels claim to be more secure than a traditional operating system due to their massively reduced attack surface. But is this really true? Or are they too minimalist and leave out important security features? What are the implications of a single address space? Is every security problem solved when rewriting the unikernel in Rust?

While there are multiple papers analyzing unikernels from a performance perspective, there are only few analyzing them from a security perspective and none of them analyzes a unikernel written in a memory safe language from scratch. Thus, I decided to analyze and discuss unikernel security in my master thesis. The core part is an extensive analysis of the RustyHermit unikernel, a unikernel written in Rust and developed as a research project at RWTH Aachen University. In addition, I analyzed multiple unikernels for the most basic security features present in traditional operating systems, e.g. ASLR, W^X and stack canaries.