The Case for Intra-Unikernel Isolation

Research output: Contribution to conferencePaperpeer-review


The unikernel is an emerging operating system model offering lightweightness, security and performance benefits. In this paper we argue that a fundamental design principle of unikernels, the fact that one instance is viewed as a single unit of trust, is not suitable for the high security requirements of today’s cloud applications. We advocate for the introduction of intra-unikernel isolation. We
observe that some unikernel benefits derive from another fundamental design principle: the presence of a single address space. We investigate bringing intra-unikernel isolation without breaking that principle with the help of hardware technologies in the form of modern (Intel Memory Protection Keys) and future (hardware capabilities) Instruction Set Architecture extensions.

Bibliographical metadata

Original languageEnglish
Publication statusAccepted/In press - 17 Mar 2020
EventThe 10th Workshop on Systems for Post-Moore Architectures - Virtual
Event duration: 27 Apr 202027 Apr 2020


WorkshopThe 10th Workshop on Systems for Post-Moore Architectures