Kite: Lightweight Critical Service Domains

Converged multi-level secure (MLS) systems, such as Qubes OS or SecureView, heavily rely on virtualization and service virtual machines (VMs). Traditionally, driver domains – isolated VMs that run device drivers – and daemon VMs use full-blown general-purpose OSs. It seems that specialized lightweight OSs, known as unikernels, would be a better fit for those. Surprisingly, to this day, driver domains can only be built from Linux. We discuss how unikernels can be beneficial in this context – they improve security and isolation, reduce memory overheads, and simplify software configuration and deployment. We specifically propose to use unikernels that borrow device drivers from existing general-purpose OSs. We present Kite, which implements network and storage unikernel-based VMs and serves two essential classes of devices. We compare our approach against Linux using a number of typical micro- and macrobenchmarks used for networking and storage. Our approach achieves performance similar to that of Linux. However, we demonstrate that the number of system calls and ROP gadgets can be greatly reduced with our approach compared to Linux. We also demonstrate that our approach has resilience to an array of CVEs (e.g., CVE-2021-35039, CVE-2016-4963, and CVE-2013-2072), smaller image size, and improved startup time. Finally, unikernelizing is doable for the remaining (non-driver) service VMs as evidenced by our unikernelized DHCP server.

Metadata

Work Title Kite: Lightweight Critical Service Domains
Access
Open Access
Creators
  1. A K M Fazla Mehrab
  2. Ruslan Nikolaev
  3. Binoy Ravindran
Keyword
  1. Hypervisor, Virtual Machine, Unikernel, Xen
License CC BY 4.0 (Attribution)
Work Type Article
Publisher
  1. ACM
Publication Date March 28, 2022
Publisher Identifier (DOI)
  1. 10.1145/3492321.3519586
Source
  1. Proceedings of the Seventeenth European Conference on Computer Systems
Deposited July 01, 2022
