by felipehuici 1596 days ago
Hi, no, the statement wasn't to isolate the kernel code from the application, since it's all in the same address space. Instead, it's to reduce the possibility of bugs (but again, not in the application), and reduce the vectors for attack in the underlying stack. For separating the application from the kernel (and from components within the kernel, since Unikraft is modular) we are doing further work called FlexOS, based on Unikraft, and to appear soon at the ASPLOS conference[0]; a short version of the paper appeared at HotOS [1].

[0] https://asplos-conference.org/program/

[1] https://sigops.org/s/conferences/hotos/2021/papers/hotos21-s...

1 comments

Interesting!

I also found this paper that talks about establishing a TCB in the unikernel, which was a good companion read. https://www.ssrg.ece.vt.edu/papers/spma20.pdf