A Survey of Unikernel Security: Insights and Trends from a Quantitative Analysis
Alex Wollman (Dakota State University), John Hastings (Dakota State University)
arXiv - CS - Operating Systems, published 2024-06-04. Identifier: arxiv-2406.01872 (https://doi.org/arxiv-2406.01872)
Citations: 0
Abstract
Unikernels, an evolution of LibOSs, are emerging as a virtualization technology to rival those currently used by cloud providers. Unikernels combine the user and kernel space into one "uni"fied memory space and omit functionality that is not necessary for their application to run, thus drastically reducing the required resources. The removed functionality, however, is far-reaching and includes components that have become common security technologies, such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Non-executable bits (NX bits). This raises questions about the real-world security of unikernels. This research presents a quantitative methodology using TF-IDF to analyze the focus of security discussions within unikernel research literature. Based on a corpus of 33 unikernel-related papers spanning 2013-2023, our analysis found that Memory Protection Extensions and Data Execution Prevention were the least frequently occurring topics, while SGX was the most frequent topic. The findings quantify priorities and assumptions in unikernel security research, bringing to light potential risks from underexplored attack surfaces. The quantitative approach is broadly applicable for revealing trends and gaps in niche security domains.