Intra-unikernel isolation with Intel memory protection keys

Unikernels are minimal, single-purpose virtual machines. This operating system model promises numerous benefits in many application domains in terms of footprint, performance, and security. Although the isolation between unikernels is generally recognized as strong, there is no isolation within a unikernel itself, because a unikernel runs in a single, unprotected address space; this is a basic principle of unikernels and the source of their small footprint and performance benefits. In this paper, we propose a new design that brings memory isolation inside a unikernel instance while keeping a single address space. We leverage Intel Memory Protection Keys (MPK) to do so without giving up those benefits. We implement our isolation scheme within an existing unikernel written in Rust and use it to provide isolation between trusted and untrusted components: we isolate (1) safe kernel code from unsafe kernel code and (2) kernel code from user code. Evaluation shows that the system provides this isolation with very low performance overhead; notably, the unikernel with our isolation exhibits only a 0.6% slowdown on a set of macro-benchmarks.
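The mechanism the abstract relies on is that MPK keeps one set of page tables and moves the access decision into a per-thread register, PKRU: each page carries a 4-bit key, and two PKRU bits per key (access-disable, write-disable) decide whether the running code may touch pages tagged with that key. Switching between trusted and untrusted components is then a single unprivileged WRPKRU, not a page-table change or a privilege transition. The following is an added example, not code from the paper or from its Rust unikernel: it reproduces the same idea as a Linux user-space C program. Because a process cannot edit its own page tables, it uses the pkey_alloc and pkey_mprotect system calls to tag one page (a unikernel would set the key bits in its own page-table entries), but it toggles PKRU directly with RDPKRU/WRPKRU as a unikernel would, and catches the resulting SIGSEGV to show which accesses the hardware blocks. The function names (isolation_demo, probe, pkru_bits) and the return codes are hypothetical; the example assumes x86-64 Linux with PKU available and reports "unsupported" otherwise.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Outcomes of isolation_demo() (hypothetical codes for this example). */
enum { ISO_OK = 0, ISO_LEAK = 1, ISO_UNSUPPORTED = 2, ISO_ERROR = 3 };

/* PKRU layout: key k owns bits 2k (access-disable) and 2k+1 (write-disable).
 * The rights values match Linux's PKEY_DISABLE_ACCESS / PKEY_DISABLE_WRITE. */
#define PK_DISABLE_ACCESS 1u
#define PK_DISABLE_WRITE  2u
unsigned int pkru_bits(int key, unsigned int rights) { return (rights & 3u) << (2 * key); }

#ifndef SEGV_PKUERR
#define SEGV_PKUERR 4   /* Linux si_code for a protection-key fault */
#endif

#if defined(__x86_64__) && defined(__linux__) && defined(SYS_pkey_alloc)

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_code;
static volatile unsigned char sink;

static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_code = si->si_code;          /* SEGV_PKUERR means the key, not a bad mapping */
    siglongjmp(fault_env, 1);
}

/* A unikernel flips PKRU with the unprivileged RDPKRU/WRPKRU instructions, no OS
 * involved; do the same here. ECX must be 0 (and EDX must be 0 for WRPKRU). */
static inline unsigned int pkru_read(void) {
    unsigned int eax, edx;
    __asm__ volatile("rdpkru" : "=a"(eax), "=d"(edx) : "c"(0));
    (void)edx;
    return eax;
}
static inline void pkru_write(unsigned int v) {
    __asm__ volatile("wrpkru" : : "a"(v), "c"(0), "d"(0) : "memory");
}

/* Touch *p with PKRU set to `during`, then restore `after` (always, even after a fault).
 * Returns 0 if the access went through, 1 on a key fault, 2 on any other SIGSEGV. */
static int probe(volatile unsigned char *p, unsigned int during, unsigned int after, int do_write) {
    volatile int outcome = 0;
    fault_code = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        pkru_write(during);
        if (do_write) *p = 0x42; else sink = *p;
    } else {
        outcome = (fault_code == SEGV_PKUERR) ? 1 : 2;
    }
    pkru_write(after);
    return outcome;
}

int isolation_demo(void) {
    long key = syscall(SYS_pkey_alloc, 0, 0);
    if (key < 0) return ISO_UNSUPPORTED;            /* no PKU on this CPU or kernel */

    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) { syscall(SYS_pkey_free, key); return ISO_ERROR; }
    /* Tag the page with our key: the page tables now carry the key, PKRU decides access. */
    if (syscall(SYS_pkey_mprotect, page, len, PROT_READ | PROT_WRITE, key) != 0) {
        munmap(page, len); syscall(SYS_pkey_free, key); return ISO_ERROR;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    unsigned int trusted   = pkru_read() & ~pkru_bits((int)key, 3u);   /* key fully open */
    unsigned int untrusted = trusted | pkru_bits((int)key, PK_DISABLE_ACCESS);
    unsigned int readonly  = trusted | pkru_bits((int)key, PK_DISABLE_WRITE);

    pkru_write(trusted);
    page[0] = 0x5A;                                 /* trusted component stores a secret */

    int r = ISO_OK;
    if (probe(page, trusted,   trusted, 0) != 0) r = ISO_ERROR;  /* trusted read allowed   */
    if (probe(page, readonly,  trusted, 0) != 0) r = ISO_ERROR;  /* WD: reads still allowed */
    if (probe(page, readonly,  trusted, 1) != 1) r = ISO_LEAK;   /* WD: write must fault   */
    if (probe(page, untrusted, trusted, 0) != 1) r = ISO_LEAK;   /* AD: read must fault    */
    if (page[0] != 0x5A) r = ISO_LEAK;                           /* blocked write never landed */

    sigaction(SIGSEGV, &old, NULL);
    munmap(page, len);
    syscall(SYS_pkey_free, key);
    return r;
}
#else
int isolation_demo(void) { return ISO_UNSUPPORTED; }
#endif

int main(void) {
    static const char *names[] = { "isolated", "LEAK", "unsupported", "error" };
    printf("MPK isolation check: %s\n", names[isolation_demo()]);
    return 0;
}
```

Build with `gcc -O2 mpk_demo.c -o mpk_demo` on an x86-64 Linux host whose CPU exposes PKU (check `pku` in /proc/cpuinfo). The caveat that matters for the paper's threat model is visible in `probe`: WRPKRU is unprivileged, so untrusted code that can execute an arbitrary instruction sequence can re-enable the key itself. A design like the one in the abstract therefore also has to keep WRPKRU (and any gadget containing it) out of the untrusted component's reachable code, which is what makes the safe/unsafe Rust split and the kernel/user split meaningful rather than a pure register-toggle.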
