Unikernels are specialized, single-address-space machine images built from library operating systems. They shrink the attack surface and resource footprint of cloud services. An application compiled into a unikernel boots directly as a virtual machine, with no general-purpose guest OS underneath it. Because the whole stack comes from a library operating system, the image's complete software stack, from the kernel to the application, can be statically analyzed.
In this talk, we present the transition from the C-based HermitCore to the Rust-based RustyHermit unikernel. Using Rust's build system, the unikernel is split into components, so the end user is able to specialize the application and the resulting boot image. QEMU's microvm virtual platform and Firecracker are lightweight virtual machines (microVMs) specialized for cloud environments. We show the benefits of the component-based architecture for building specialized applications for microVMs. The minimalistic design of unikernels and microVMs reduces the memory footprint and the attack surface of the complete software stack and builds an ideal base for cloud services.
Speakers: Stefan Lankes, Martin Kröning, Jonathan Klimt