Fearful of being overheard, we don’t tell secrets in a crowded room. However, we do expect our computer programs to function securely on top of a crowded operating system (OS). Binoy Ravindran, ECE professor, and Pierre Olivier, ECE research assistant professor, are questioning this expectation.

Whether software is running in the cloud or on a personal computer, there are security risks for any application sharing hardware and software resources with other applications, explains Olivier. The more software running, the more opportunity there is for someone to exploit it.

Under the current model, all applications running on an operating system share hardware device drivers, explains Ravindran. “But most applications do not need all the devices. For example, a networking application probably doesn’t need to write to USB devices.” All these applications, however, regardless of their needs, run on the same operating system, with the overhead of many unnecessary drivers.

To counteract these risks and reduce the attack surface, Ravindran, Olivier, and their team are securing software by reducing the code overhead using unikernels. “Unikernels are very simple operating systems that only run a single application within a virtual machine, loading only the libraries necessary for the application,” explains Olivier.

Isolation, according to Olivier, is the key to success. As long as applications are sharing the same operating system, there are opportunities for one program to attack another. With every application running on its own operating system, this fear is mitigated.

“We are addressing this problem by designing a custom OS for every application,” explains Ravindran. However, coding for these unikernels could put a burden on software developers, he says. In a project called Hermitux, the team is lightening this burden.

“The challenge is to take legacy Linux applications and automatically run them in the context of a unikernel,” says Ravindran. “Hermitux doesn’t even need your source code,” he continues. “It is executed at run-time.” The hope, according to Olivier, is that “developers will think more about unikernels now that there are no extra steps for them.”

A unikernel isn’t the right answer for every application, however, and some are best run on a full operating system, especially if they need access to most of the device drivers, notes Olivier. “We have to trade off some compatibility to keep it lightweight.”

A lightweight system carries substantial benefits. Unikernels can run securely on hardware platforms that might not have enough resources for a full virtual machine, and start up in milliseconds instead of the noticeable wait time of a full system. This means that if a program on a unikernel crashes, it can restart without a noticeable delay—and many of them can be running, in isolation, on the same hardware.

According to both researchers, unikernels have the potential to supplement other security measures for a large impact, without making software development more difficult.

Contact: