ICT Today March/April 19

Issue link: https://www.e-digitaleditions.com/i/1081695

[Figure 4: three stack diagrams. Old VM stack: hardware, hypervisor, operating system, application. Docker stack: hardware, hypervisor, operating system, Docker, application. Unikernel stack: hardware, hypervisor, application.]

FIGURE 4: Unikernels are designed to run only one program per VM, which is intended to take the payoff out of remote code execution attacks.

THE UNIKERNELS SOLUTION

One solution that companies running compute at the edge are beginning to embrace is the unikernel. A unikernel can be thought of as the synthesis of a single application with only the operating system components it needs to run, built into one very small, lightweight virtual machine (VM) image. Unikernels provide the necessary manageability, since they are designed to be largely immutable, with configuration done at deployment time, and they come with a four-point security model:

• Single process system
• No users
• No shells
• Reduced attack surface

SINGLE PROCESS

A single process system, as opposed to a multiple process system such as Linux, means that each VM runs exactly one application. Since the software is already being deployed as VMs, the unikernel removes the second layer of process scheduling, isolation and context switching that a general-purpose kernel maintains underneath the application, which can make the software run faster. By design it also makes it impossible to start another program inside the same VM: there is no fork or exec, and no other executable present to run.

Almost any attack against a server comes down to the attacker trying to run code of their own choosing on the organization's server or device. The bug or exploit is just the key to the door, not the main goal. When the capability of running a second program on the VM is removed, the usual follow-on step, dropping a shell or a second-stage binary, is removed with it, and much of the motive for attacking the server goes away; in that loose sense it creates a serverless type of architecture.

One caveat a practitioner should keep in mind: a single process does not mean no code execution. A memory-corruption bug in the one application still lets an attacker run code inside that process, with whatever access to data and the network that process has. The single-process design removes the pivot to a shell or other tooling, not the exploit itself, so ordinary hardening of the application still matters.
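The single-process property itself cannot be reproduced on a general-purpose Linux host, but its effect on the attacker's follow-on step can be approximated there. The C program below is an added example written for this article, not code from the article or from any unikernel project: it installs a Linux seccomp-BPF filter that refuses the execve and execveat system calls, then shows that the classic post-exploitation step, spawning /bin/sh, succeeds before the lock-down and fails afterwards. It assumes Linux on x86-64 or AArch64 with /bin/sh present; the filter is process-wide and cannot be removed once installed. Note what it does not do: code already running inside the process can still use that process's memory and sockets, which is exactly the caveat above.

```c
/* Approximating the unikernel "single process, no shells" property on Linux
 * with a seccomp-BPF filter that refuses execve/execveat, so code running in
 * this process can no longer start a second program such as /bin/sh.
 * Added example for this article; assumes Linux on x86-64 or AArch64 with
 * /bin/sh available. The filter does not stop code that is already running in
 * this process (shellcode, ROP) from using its memory or sockets; it only
 * removes the pivot to another program.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install a process-wide, irreversible filter: exec-family syscalls fail with
 * EPERM, everything else is allowed. Returns 0 on success, -1 on failure. */
static int deny_exec(void)
{
    struct sock_filter filter[] = {
        /* Check the architecture first; syscall numbers are per-architecture. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Load the syscall number and refuse execve/execveat with EPERM. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    /* Required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* The attacker's usual follow-on step: start a shell. Returns 1 if /bin/sh
 * actually ran (exit status 0), 0 if it could not be started. With exec
 * refused, the C library reports the shell as having exited with status 127
 * (or system() returns -1), so this yields 0. */
static int shell_ran(void)
{
    int rc = system("/bin/sh -c 'exit 0'");
    if (rc == -1 || !WIFEXITED(rc))
        return 0;
    return WEXITSTATUS(rc) == 0;
}

/* Returns 0 when the demonstration holds: a shell runs before the lock-down
 * and cannot be started afterwards. Returns -1 if the filter could not be
 * installed, 1 if the outcome was not as expected. */
int demo(void)
{
    int before = shell_ran();
    if (deny_exec() != 0)
        return -1;
    int after = shell_ran();
    return (before == 1 && after == 0) ? 0 : 1;
}

int main(void)
{
    int result = demo();
    printf("shell before lock-down: ran; after lock-down: %s\n",
           result == 0 ? "refused" : "unexpected result");
    return result == 0 ? 0 : 1;
}
```

Run it as an ordinary user; no privileges are needed because PR_SET_NO_NEW_PRIVS is set first. The same filter would have to be written differently for any other architecture, which is why the arch check comes before the syscall-number check: without it, a process could issue a syscall through a different ABI with different numbers and slip past the rule.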
