A Common Code Base and Toolkit for Deployment of Applications to Secure and Reliable Virtual Execution Environments

Periodic Reporting for period 1 - UNICORE (A Common Code Base and Toolkit for Deployment of Applications to Secure and Reliable Virtual Execution Environments)

Reporting period: 2019-01-01 to 2019-12-31

Quickly developing, upgrading and deploying applications is the core function of the software and IT industry, often achieved through running software on shared hardware (e.g. in data centers) in order to reduce costs and improve profitability. At this point, however, the software world appears stuck with inherently insecure and not-so-efficient lightweight virtualization (e.g. containers), because virtual machines are deemed too expensive to use in many scenarios. Unikernels, extremely lightweight VMs, seem like a step towards a solution, but their overwhelming development time and costs hinder their use in real-world settings. Unicore challenges this status quo by enabling software developers to easily build and quickly deploy lightweight, secure and verifiable images (which we call unikernels) starting from existing applications. Unicore creates a common code base from which to build unikernels, and develops tools that make the creation of such unikernels as easy as compiling an app for an existing OS.

Unicore enables EU players to lead the next generation of cloud computing services and technology. Such tools also allow for the creation of lean, efficient operating systems that are perfectly suitable for resource-constrained device settings such as IoT. Through its industry-led consortium and its top-notch academic partners, Unicore ensures exploitation of its technical results through the implementation and operational deployment of multiple use cases. For society at large, running significantly more efficient software, especially in large cloud deployments, significantly reduces power consumption, and with that, reduces emissions.

The main goals of Unicore are (1) to provide a common code base and tools for code reusability, (2) to develop tools for verification and validation of the generated software, (3) to transparently handle cross-platform dependencies and (4) to accelerate the full software lifecycle by fully automating several of its stages.
- Unicore's unikernel build system is in place and open source at https://github.com/unikraft/unikraft
- Tools for automated dependency analysis, automated configuration and automated building are ready at https://github.com/unikraft/tools
- Initial work on securing and hardening unikernels, as well as leveraging unikernel properties for security purposes
- Definition of basic library APIs (e.g. block, network, console) is finished (see https://github.com/unikraft/unikraft)
- Orders of magnitude reduction in application porting time when building unikernels (without resorting to binary compatibility, which degrades performance)
- Extremely secure and efficient, application-specific unikernels with minimal Trusted Compute Base.
- Transparent support for multiple platform types: VMs, containers and bare metal.
UNICORE Toolkit Overview