A Survey on Security Isolation of Virtualization, Containers, and Unikernels

Abstract

Virtualization, containers, and unikernels are the fundamental technologies that enabled the widespread use of the cloud; therefore, a comparison of their security isolation characteristics is necessary to understand the potential threats. These technologies differ subtly in the methodology and software architecture they use to provide secure isolation between guests. All three commonly provide the same functionality with varying degrees of overhead; however, each bases its security isolation on a vastly different approach. This report first gives the background of each technology, followed by its security isolation aspects. Metrics for further evaluating the security characteristics of each technology are suggested to guide future evaluations.

Document Details

Document Type
Technical Report
Publication Date
May 01, 2017
Accession Number
AD1035194

Entities

People

  • Michael J. De Lucia

Organizations

  • United States Army Research Laboratory

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Central Processing Units
  • Computing System Architectures
  • Computing-Related Activities
  • Containers
  • Department Of Defense
  • Hypervisors
  • Information Operations
  • Instruction Set Architecture
  • Instructions
  • Kernels (Operating System)
  • Military Research
  • Network Protocols
  • Networks
  • Operating Systems
  • Security
  • Virtualization
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support
  • Systems Analysis and Design