research-article

Unikernels: library operating systems for the cloud

Authors:

Anil Madhavapeddy,

Richard Mortier,

Charalampos Rotsos,

Thomas Gazagnaire,

Jon CrowcroftAuthors Info & Claims

ACM SIGPLAN Notices, Volume 48, Issue 4

Pages 461 - 472

https://doi.org/10.1145/2499368.2451167

Published: 16 March 2013 Publication History

Abstract

We present unikernels, a new approach to deploying cloud services via applications written in high-level source code. Unikernels are single-purpose appliances that are compile-time specialised into standalone kernels, and sealed against modification when deployed to a cloud platform. In return they offer significant reduction in image sizes, improved efficiency and security, and should reduce operational costs. Our Mirage prototype compiles OCaml code into unikernels that run on commodity clouds and offer an order of magnitude reduction in code size without significant performance penalty. The architecture combines static type-safety with a single address-space layout that can be made immutable via a hypervisor extension. Mirage contributes a suite of type-safe protocol libraries, and our results demonstrate that the hypervisor is a platform that overcomes the hardware compatibility issues that have made past library operating systems impractical to deploy in the real-world.

References

[1]

D. R. Engler, M. F. Kaashoek, and J. O'Toole, Jr. Exokernel: an operating system architecture for application-level resource management. In Proc. 15th ACM Symposium on Operating Systems Principles (SOSP), pages 251--266, Copper Mountain, CO, USA, December 3-6 1995.

Digital Library

[2]

Ian M. Leslie, Derek McAuley, Richard Black, Timothy Roscoe, Paul T. Barham, David Evers, Robin Fairbairns, and Eoin Hyden. The design and implementation of an operating system to support distributed multimedia applications. IEEE Journal of Selected Areas in Communications, 14(7):1280--1297, 1996.

Digital Library

[3]

Donald E. Porter, Silas Boyd-Wickizer, Jon Howell, Reuben Olinsky, and Galen C. Hunt. Rethinking the library OS from the top down. In Proc. 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 291--304, Newport Beach, CA, USA, March 5-11 201.

Digital Library

[4]

Galen C. Hunt and James R. Larus. Singularity: rethinking the software stack. SIGOPS Operating Systems Review, 41(2):37--49, 2007.

Digital Library

[5]

Glenn Ammons, Jonathan Appavoo, Maria Butrico, Dilma Da Silva, David Grove, Kiyokuni Kawachiya, Orran Krieger, Bryan Rosenburg, Eric Van Hensbergen, and Robert W. Wisniewski. Libra: a library operating system for a JVM in a virtualized execution environment. In Proc. 3rd International Conf. on Virtual Execution Environments (VEE), pages 44--54, San Diego, CA, USA, June 13-15 2007. ACM.

Digital Library

[6]

Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the Art of Virtualization. In Proc. 19th ACM Symposium on Operating Systems Principles (SOSP), pages 164--177, Bolton Landing, NY, USA, October 19-22 2003.

Digital Library

[7]

US-CERT/NIST. CVE-2012-1182, February 2012.

[8]

US-CERT/NIST. CVE-2012-2110, April 2012.

[9]

Eelco Dolstra, Andres LOh, and Nicolas Pierron. Nixos: A purely functional Linux distribution. J. Funct. Program., 20(5-6):577--615, November 2010.

Digital Library

[10]

Galen Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, and Ted Wobber. Sealing OS processes to improve dependability and safety. SIGOPS Operating Systems Review, 41(3):341--354, March 2007.

Digital Library

[11]

Theo De Raadt. Exploit mitigation techniques. http://www.openbsd.org/papers/auug04, 2004.

[12]

David Scott, Richard Sharp, Thomas Gazagnaire, and Anil Madhavapeddy. Using functional programming within an industrial product group: perspectives and perceptions. In Proc. 15th ACM SIGPLAN International Conference on Functional Programming (ICFP), pages 87--92, Baltimore, Maryland, USA, September 27-29 2010.

Digital Library

[13]

Thomas Gazagnaire and Vincent Hanquez. Oxenstored: an efficient hierarchical and transactional database using functional programming with reference cell comparisons. SIGPLAN Notices, 44(9):203--214, August 2009.

Digital Library

[14]

Patrick Colp, Mihir Nanavati, Jun Zhu,William Aiello, George Coker, Tim Deegan, Peter Loscocco, and Andrew Warfield. Breaking up is hard to do: security and functionality in a commodity hypervisor. In Proc. 23rd ACM Symposium on Operating Systems Principles (SOSP), pages 189--202, Cascais, Portugal, October 23-26 2011.

Digital Library

[15]

A. Baumann, P. Barham, P. Dagand, T. Harris, R. Isaacs, S. Peter, T. Roscoe, A. Schupbach, and A. Singhania. The multikernel: a new OS architecture for scalable multicore systems. In Proc. 22nd ACM Symposium on Operating Systems Principles (SOSP), pages 29--44, Big Sky, MT, USA, October 11-14 2009.

Digital Library

[16]

Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In Proc. 11th ACM Conference on Computer and Communications Security (CCS), pages 298--307, Washington DC, USA, October 25-29 2004.

Digital Library

[17]

Keir Fraser, Steven Hand, Rolf Neugebauer, Ian Pratt, Andrew Warfield, and Mark Williamson. Safe hardware access with the Xen virtual machine monitor. In Proc. 1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure (OASIS), Boston, MA, USA, October 7--13 2004.

[18]

Jerome Vouillon. Lwt: a cooperative thread library. In Proc. 2008 ACM SIGPLAN workshop on ML, pages 3--12, Victoria, BC, Canada, September 21 2008.

Digital Library

[19]

Anil Madhavapeddy, Richard Mortier, Ripduman Sohan, Thomas Gazagnaire, Steven Hand, Tim Deegan, Derek McAuley, and Jon Crowcroft. Turning down the LAMP: Software specialisation for the cloud. In 2nd USENIX Workshop on Hot Topics in Cloud Computing, June 2010.

Digital Library

[20]

Andrew Warfield, Keir Fraser, Steven Hand, and Tim Deegan. Facilitating the development of soft devices. In Proc. USENIX Annual Technical Conference, pages 379--382, April 10--15 2005.

Digital Library

[21]

Edoardo Biagioni. A Structured TCP in Standard ML. In Proc. ACM SIGCOMM, pages 36--45, London, UK, Aug. 31--Sep. 02 1994.

Digital Library

[22]

Anil Madhavapeddy, Alex Ho, Tim Deegan, David Scott, and Ripduman Sohan. Melange: creating a "functional" Internet. SIGOPS Operating Systems Review, 41(3):101--114, 2007.

Digital Library

[23]

Oleg Kiselyov. Iteratee IO: safe, practical, declarative input processing. http://okmij.org/ftp/Streams.html, 2008.

[24]

Chuck Silvers. UBC: an efficient unified I/O and memory caching subsystem for NetBSD. In Proc. USENIX Annual Technical Conference, pages 285--290, San Diego, CA, USA, June 18--23 2000.

Digital Library

[25]

Steven M. Hand. Self-paging in the Nemesis operating system. In Proc. 3rd USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 73--86, February 22--25 1999.

Digital Library

[26]

President's Council of Advisors on Science and Technology. Report to the President and Congress: Designing a Digital Future: Federally Funded R&D in Networking and IT, December 2010.

[27]

OpenFlow Consortium. OpenFlow. http://openflow.org/.

[28]

Charalampos Rotsos, Nadi Sarrar, Steve Uhlig, Rob Sherwood, and Andrew W. Moore. OFLOPS: An open framework for OpenFlow switch evaluation. In Proc. Passive and Active Measurements Conference (PAM), Vienna, Austria, March 12--14 2012.

Digital Library

[29]

Zheng Cai, Alan L. Cox, and T. S. Eugene Ng. Maestro: A system for scalable OpenFlow control. Technical Report TR-10-11, Rice University.

[30]

N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, and S. Shenker. NOX: towards an operating system for networks. SIGCOMM Computer Communications Review, 38:105--110, July 2008.

Digital Library

[31]

Derek Gordon Murray, Grzegorz Milos, and Steven Hand. Improving Xen security through disaggregation. In Proc. 4th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), pages 151--160, Seattle,WA, USA, March 5--7 2008.

Digital Library

[32]

B. Vaugon, Philippe Wang, and Emmanuel Chailloux. Les microcontr oleurs pic programmes en Objective Caml. In Vingt-deuxiemes Journees Francophones des Langages Applicatifs (JFLA 2011), volume Studia Informatica Universalis, pages 177--207. Hermann, 2011.

[33]

T. Hallgren, M. P. Jones, R. Leslie, and A. Tolmach. A Principled Approach to Operating System construction in Haskell. SIGPLAN Notices, 40(9):116--128, 2005.

Digital Library

[34]

Galois Inc. HalVM. http://halvm.org/.

[35]

Oracle. GuestVM. http://labs.oracle.com/projects/guestvm/shared/guestvm/guestvm/index.html.

[36]

B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. E. Fiuczynski, D. Becker, C. Chambers, and S. Eggers. Extensibility, safety and performance in the SPIN operating system. SIGOPS Operating Systems Review, 29(5):267--283, December 1995.

Digital Library

[37]

David Mosberger and Larry L. Peterson. Making paths explicit in the Scout operating system. In Proc. 2nd USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 153--167, Seattle, WA, United States, October 28-31 1996.

Digital Library

[38]

F. Kaashoek, D. Engler, G. Ganger, H. Brice no, R. Hunt, D. Mazieres, T. Pinckney, R. Grimm, J. Jannotti, and K. Mackenzie. Application performance and flexibility on exokernel systems. In Proc. 16th ACM Symposium on Operating Systems Principles (SOSP), pages 52--65, Saint Malo, France, October 5--8 1997.

Digital Library

[39]

Bryan Ford, Godmar Back, Greg Benson, Jay Lepreau, Albert Lin, and Olin Shivers. The Flux OSKit: a substrate for kernel and language research. In Proc. 16th ACM Symposium on Operating Systems Principles (SOSP), pages 38--51, Saint Malo, France, October 5--8 1997.

Digital Library

[40]

The OpenSSL Project. OpenSSL. http://openssl.org/.

[41]

Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. The most dangerous code in the world: validating SSL certificates in non-browser software. In Proc. 19th ACM Conference on Computer and Communications Security (CCS), pages 38--49, Raleigh, NC, USA, October 16--18 2012.

Digital Library

[42]

George C. Necula, Scott McPeak, Shree Prakash Rahul, and Westley Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Proc. 11th International Conference on Compiler Construction (CC), LNCS 2304, pages 213--228, Grenoble, France, April 8--12 2002.

Digital Library

[43]

George C. Necula, Scott McPeak, andWestleyWeimer. Ccured: typesafe retrofitting of legacy code. In Proc. 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 128--139, January 16--18 2002.

Digital Library

[44]

Facebook. HipHop for PHP. https://github.com/facebook/hiphop-php/wiki/, February 2010.

[45]

Jeffrey Dean and Sanjay Ghemawat. MapReduce: simplified data processing on large clusters. In Proc. 6th USENIX Symposium on Operating Systems Design & Implementation (OSDI), pages 137--150, San Francisco, CA, USA, December 6--8 2004.

Digital Library

[46]

Apache. Hadoop. http://hadoop.apache.org, April 2012.

[47]

Michael Isard, Mihai Budiu, Yuan Yu, Andrew Birrell, and Dennis Fetterly. Dryad: distributed data-parallel programs from sequential building blocks. In Proc. 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems (EuroSys), pages 59--72, Lisbon, Portugal, March 21--23 2007.

Digital Library

[48]

Niels Provos, Markus Friedl, and Peter Honeyman. Preventing privilege escalation. In Proc. 12th USENIX Security Symposium (SSYM), pages 231--242, Washington DC, USA, August 4--8 2003.

Digital Library

[49]

Bill Childers. Build your own cloud with Eucalyptus. Linux J., 2010(195), July 2010.

Digital Library

[50]

Jeff Lewis. Cryptol: specification, implementation and verification of high-grade cryptographic applications. In Proc. ACM Workshop on Formal Methods in Security Engineering (FMSE), page 41, Fairfax, Virginia, USA, November 2 2007.

Digital Library

[51]

Reynald Affeldt, David Nowak, and Yutaka Oiwa. Formal network packet processing with minimal fuss: invertible syntax descriptions at work. In Proc. 6th Workshop on Programming Languages meets Program Verification (PLPV), pages 27--36, January 24 2012.

Digital Library

[52]

Nicolas Oury. Observational equivalence and program extraction in the Coq proof assistant. In Proc. 6th International Conference on Typed Lambda Calculi and Applications (TLCA), LNCS 2701, pages 271--285, Valencia, Spain, June 10--12 2003.

Digital Library

[53]

Xavier Leroy. Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In Proc. 33rd ACM Symposium on Principles of Programming Languages (POPL), pages 42--54, Charleston, SC, USA, January 11--13 2006.

Digital Library

[54]

G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: formal verification of an OS kernel. In Proc. 22nd ACM Symposium on Operating Systems Principles (SOSP), pages 207--220, Big Sky, MT, USA, October 11--14 2009.

Digital Library

Cited By

Leis VDietrich C(2024)Cloud-Native Database Systems and Unikernels: Reimagining OS Abstractions for Modern HardwareProceedings of the VLDB Endowment10.14778/3659437.365946217:8(2115-2122)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.14778/3659437.3659462
Karthick GMapp GCrowcroft J(2023)Building an Intelligent Edge Environment to Provide Essential Services for Smart CitiesProceedings of the 18th Workshop on Mobility in the Evolving Internet Architecture10.1145/3615587.3615987(13-18)Online publication date: 6-Oct-2023
https://dl.acm.org/doi/10.1145/3615587.3615987
Varoumas SPesin BVaugon BChailloux E(2023)Programming microcontrollers through high-level abstractions: The OMicroB projectJournal of Computer Languages10.1016/j.cola.2023.10122877(101228)Online publication date: Nov-2023
https://doi.org/10.1016/j.cola.2023.101228
Show More Cited By

Index Terms

Unikernels: library operating systems for the cloud
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Interactive systems and tools
  2. Interaction design

Recommendations

Unikernels as Processes
SoCC '18: Proceedings of the ACM Symposium on Cloud Computing

System virtualization (e.g., the virtual machine abstraction) has been established as the de facto standard form of isolation in multi-tenant clouds. More recently, unikernels have emerged as a way to reuse VM isolation while also being lightweight by ...
Unikernels: library operating systems for the cloud
ASPLOS '13

We present unikernels, a new approach to deploying cloud services via applications written in high-level source code. Unikernels are single-purpose appliances that are compile-time specialised into standalone kernels, and sealed against modification ...
Unikernels: library operating systems for the cloud
ASPLOS '13: Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems

We present unikernels, a new approach to deploying cloud services via applications written in high-level source code. Unikernels are single-purpose appliances that are compile-time specialised into standalone kernels, and sealed against modification ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 48, Issue 4

ASPLOS '13

April 2013

540 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/2499368

Issue’s Table of Contents

ASPLOS '13: Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
March 2013
574 pages
ISBN:9781450318709
DOI:10.1145/2451116
General Chair:
Vivek Sarkar
Rice University, USA
,
Program Chair:
Rastislav Bodik
University of California, Berkeley, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 March 2013

Published in SIGPLAN Volume 48, Issue 4

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

341
Total Citations
View Citations
4,123
Total Downloads

Downloads (Last 12 months)541
Downloads (Last 6 weeks)42

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Leis VDietrich C(2024)Cloud-Native Database Systems and Unikernels: Reimagining OS Abstractions for Modern HardwareProceedings of the VLDB Endowment10.14778/3659437.365946217:8(2115-2122)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.14778/3659437.3659462
Karthick GMapp GCrowcroft J(2023)Building an Intelligent Edge Environment to Provide Essential Services for Smart CitiesProceedings of the 18th Workshop on Mobility in the Evolving Internet Architecture10.1145/3615587.3615987(13-18)Online publication date: 6-Oct-2023
https://dl.acm.org/doi/10.1145/3615587.3615987
Varoumas SPesin BVaugon BChailloux E(2023)Programming microcontrollers through high-level abstractions: The OMicroB projectJournal of Computer Languages10.1016/j.cola.2023.10122877(101228)Online publication date: Nov-2023
https://doi.org/10.1016/j.cola.2023.101228
Jiang JQi JShen TChen XZhao SWang SChen LZhang GLuo XCui H(2022)CRONUS: Fault-isolated, Secure and High-performance Heterogeneous Computing for Trusted Execution Environment2022 55th IEEE/ACM International Symposium on Microarchitecture (MICRO)10.1109/MICRO56248.2022.00019(124-143)Online publication date: Oct-2022
https://doi.org/10.1109/MICRO56248.2022.00019
Nikolos OGoumas GKoziris N(2022)Deverlay: Container Snapshots For Virtual Machines2022 22nd IEEE International Symposium on Cluster, Cloud and Internet Computing (CCGrid)10.1109/CCGrid54584.2022.00010(11-20)Online publication date: May-2022
https://doi.org/10.1109/CCGrid54584.2022.00010
Juan Ferrer AJuan Ferrer A(2022)Computing Beyond Edge: The Swarm Computing ConceptBeyond Edge Computing10.1007/978-3-031-23344-9_8(111-129)Online publication date: 26-Dec-2022
https://doi.org/10.1007/978-3-031-23344-9_8
Jacquot POlivier PPerez CAzab A(2022)Analyzing Unikernel Support for HPC: Experimental Study of OpenMPHigh Performance Computing. ISC High Performance 2022 International Workshops10.1007/978-3-031-23220-6_25(358-370)Online publication date: 29-May-2022
https://dl.acm.org/doi/10.1007/978-3-031-23220-6_25
Yuan SBesson FTalpin JHym SZandberg KBaccelli E(2022)End-to-End Mechanized Proof of an eBPF Virtual Machine for Micro-controllersComputer Aided Verification10.1007/978-3-031-13188-2_15(293-316)Online publication date: 6-Aug-2022
https://doi.org/10.1007/978-3-031-13188-2_15
Lefeuvre HZhang KGherbi AVenkatasubramanian NVeiga L(2021)FlexOSProceedings of the 22nd International Middleware Conference: Doctoral Symposium10.1145/3491087.3493683(29-32)Online publication date: 6-Dec-2021
https://dl.acm.org/doi/10.1145/3491087.3493683
Zhang YSani AXu GAngel SKasikci BKohler E(2021)User-defined cloudProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465304(33-40)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465304
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents