Say Goodbye to Virtualization for a Safer Cloud

When it comes to isolation on the cloud, conventional wisdom holds that virtual machines (VMs) provide greater isolation than containers because of their low-level interface to the host. A lower-level interface reduces the amount of code and complexity needed in the kernel that must be relied upon for isolation. However, it is incorrectly assumed that virtualization mechanisms are required to achieve a low-level interface suitable for isolation. In this paper, we argue that the interface to the host can be lowered for any application by moving kernel components to userspace. We show that using a userspace network stack results in a 33% reduction in kernel code usage, which is 20% better than when resorting to virtualization mechanisms and using a VM.

[1]  Byung-Gon Chun,et al.  Usenix Association 10th Usenix Symposium on Operating Systems Design and Implementation (osdi '12) 135 Megapipe: a New Programming Interface for Scalable Network I/o , 2022 .

[2]  Justin Cappos,et al.  Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path , 2017, USENIX Annual Technical Conference.

[3]  Scott Shenker,et al.  Towards Practical Taint Tracking , 2010 .

[4]  Paal E. Engelstad,et al.  IncludeOS: A Minimal, Resource Efficient Unikernel for Cloud Services , 2015, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).

[5]  Ye Li,et al.  A virtualized separation kernel for mixed criticality systems , 2014, VEE '14.

[6]  Don Marti,et al.  OSv - Optimizing the Operating System for Virtual Machines , 2014, USENIX Annual Technical Conference.

[7]  Michael Norrish,et al.  seL4: formal verification of an OS kernel , 2009, SOSP '09.

[8]  Eunyoung Jeong,et al.  mTCP: a Highly Scalable User-level TCP Stack for Multicore Systems , 2014, NSDI.

[9]  Jon Crowcroft,et al.  Unikernels: library operating systems for the cloud , 2013, ASPLOS '13.

[10]  Donald E. Porter,et al.  A study of modern Linux API usage and compatibility: what to support when you're supporting , 2016, EuroSys.

[11]  Christoforos E. Kozyrakis,et al.  Usenix Association 10th Usenix Symposium on Operating Systems Design and Implementation (osdi '12) 335 Dune: Safe User-level Access to Privileged Cpu Features , 2022 .

[12]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[13]  Antti Kantee,et al.  Flexible Operating System Internals: The Design and Implementation of the Anykernel and Rump Kernels , 2012 .

[14]  Reto Buerki,et al.  Muen - An x86/64 Separation Kernel for High Assurance , 2013 .

[15]  Liqun Chen,et al.  An historical examination of open source releases and their vulnerabilities , 2012, CCS.

[16]  Myla Archer,et al.  Formal specification and verification of data separation in a separation kernel for an embedded system , 2006, CCS '06.

[17]  Dawson R. Engler,et al.  Exokernel: an operating system architecture for application-level resource management , 1995, SOSP.

[18]  Yu Chen,et al.  Scalable Kernel TCP Design and Implementation for Short-Lived Connections , 2016, ASPLOS.

[19]  Michio Honda,et al.  StackMap: Low-Latency Networking with the OS Stack and Dedicated NICs , 2016, USENIX Annual Technical Conference.

[20]  Remzi H. Arpaci-Dusseau Operating Systems: Three Easy Pieces , 2015, login Usenix Mag..

[21]  Gil Neiger,et al.  IntelŴVirtualization Technology: Hardware Support for Efficient Processor Virtualization , 2006 .

[22]  Gil Neiger,et al.  Intel virtualization technology , 2005, Computer.

[23]  Florian Schmidt,et al.  My VM is Lighter (and Safer) than your Container , 2017, SOSP.

[24]  Fabrice Bellard,et al.  QEMU, a Fast and Portable Dynamic Translator , 2005, USENIX ATC, FREENIX Track.