期刊文献+

Iso-UniK:lightweight multi-process unikernel through memory protection keys

原文传递
导出
摘要 Unikernel,specializing a minimalistic libOS with an application,is an attractive design for cloud computing.However,the Achilles’heel of unikernel is the lack of multi-process support,which makes it less flexible and applicable.Many applications rely on the process abstraction to isolate different components.For example,Apache with the multi-processing module isolates a request handler in a process to guarantee security.Prior art tackles the problem by simulating multi-process with multiple unikernels,which is incompatible with existing cloud providers and also introduces high overhead.This paper proposes Iso-UniK,a new unikernel design enabling multi-task applications with the support of both functionality and isolation.Iso-UniK leverages a recent hardware feature,named Intel Memory Protection Key(Intel MPK),to provide lightweight and efficient isolation for multi-process in unikernel.Our design has three benefits compared with previous approaches.First,Iso-UniK does not need hypervisor support and is thus compatible with existing cloud computing platforms;second,Iso-UniK promises fast system calls with only 45 cycles;last,a process can be isolated with a flexible configuration.We have implemented a prototype based on OSv,a unikernel system supporting unmodified applications.Iso-UniK can achieve fast fork operation with only 66μs for multi-process applications.Our evaluation shows that the isolation and multi-process support in Iso-UniK will not damage the applications’performance.
出处 《Cybersecurity》 CSCD 2020年第1期141-154,共14页 网络空间安全科学与技术(英文)
基金 Sponsored by Program of Shanghai Academic/Technology Research Leader(No.19XD1401700).
  • 相关文献

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部