Reflections on Unikernels
a year ago
- #Unikernels
- #Cloud Computing
- #Security
- Unikernels are single-purpose appliances combining application and kernel drivers into a single binary.
- They enable rethinking OS interfaces and removing unnecessary code layers.
- Mirage OS, based on OCaml, provides libraries for network stacks and device drivers.
- Unikernels reduce attack surfaces by linking only necessary code.
- Xenstore service in Xen was ported to a MirageOS unikernel for enhanced security.
- OCaml Irmin database library increased xenstore's fault tolerance with state snapshots.
- QubesOS uses MirageOS unikernels for secure firewall components.
- Unikernels allow experimenting with new interfaces, like hiding VM startup latency for network requests.
- UniKraft and Nanos are other unikernel projects supporting various languages and features.
- Linux is embracing unikernel approaches with Unikernel Linux (UKL).