Introducing Unikraft: An SDK for fast, secure, and highly-specialized unikernels

Unikernels are specialized operating system images that execute a single application. Through extreme specialization they can provide high performance, small memory footprints, fast boot times, and a reduced attack vector.

This talk will provide an overview of Unikraft (https://unikraft.org), a Linux Foundation project that provides a toolikit for creating highly specialized unikernels by combining a set of micro-libraries to tailor down the operating system strictly to the needs of the executing application.

Specifically we will look at what Unikraft is and what it can be used for; how Unikraft achieves millisecond boot times, memory footprints in the order of KiB, and guaranteed higher performance in commonly deployed applications that Linux; Unikraft's security properties, both in terms of a reduced trusted compute base (TCB), and also in terms of supported security mitigations; ways to migrate existing applications to Unikraft with minimal effort both at the source level (POSIX), the binary level (Linux ABI), or through Unikraft's support for interpreted languages like Go, Javascript, Python, Rust, and WebAssembly; and - last but not least - the amazing and evergrowing open source community of Unikraft.

講者

Michalis Pappas

Michalis is an engineer at Unikraft Cloud (https://unikraft.io), and a contributor to the open source Unikraft project (https://unikraft.org). His areas of focus are operating systems, lightweight virtualization, and security. Before joining Unikraft he worked on virtualization for embedded automotive systems and Trusted Execution Environments.