The goal is to understand how unikernels rethink operating system design, making them much more efficient, secure, and flexible.

1. Group 19: Revolutionizing
Operating Systems with
Unikernels: A Study on Efficiency,
Security, and Flexibility
CSCE 5640 Operating System Design
Yuan Li, Ph.D.
Computer Science and Engineering Department
Authors:
Neha Nadiminti
Yaswanth Gedela
Swetha Badini

2. Abstract
• Objective: The goal is to understand how
unikernels rethink operating system design,
making them much more efficient, secure, and
flexible.
• Methodology: Analyze technologies like UKL and
Loupe, trends in recent times regarding adoptions,
and challenges.
• Key Highlights: Unikernels are more resource-
efficient and less vulnerable to attack surface;
however, there are limitations like limited tooling
that prevent them from widespread adoption.

3. Introduction
• Unikernels are a way to rethink operating system
design, driven by better efficiency and security
needs of computing environments in the era of
cloud, IoT, and edge computing.
• Traditional multi-user and multi-process operating
systems like Linux and Windows provide results in
over consumption of resources, larger complexity,
and greater attack surfaces.
• Unikernels offers a solution by creating specialized,
single-purpose OS instances that have only the
required components for a particular application,
reducing resource consumption, enhancing
security through minimized attack surfaces, and
improving flexibility for cloud-native and
microservice architectures.

4. Introduction – Paper Summaries
Unikernels Motivations, Benefits,
and Issues: A Multivocal Literature
Review
The paper is a systematic study of
the adoption of unikernels by
studying their motivations, benefits,
and challenges. The main
motivation for adoption of
Unikernals include enhanced
performance and security, while
identified benefits include resource
optimization and reduced costs.
Issues like framework immaturity
and limited tool give scope for
more research in the future that
could improve practicality and
widen their adoption.
Loupe: Driving the Development
of OS Compatibility Layers
Loupe is an efficient dynamic
analysis tool for optimizations of
the OS compatibility layer
development. It helps the
developers in determining which
system calls need to be
implemented to run certain
applications and which can be
safely stubbed or faked without
affecting functionality.
Unikernel Linux (UKL): A Path
Toward Integrating Unikernel
Techniques into Linux
This paper proposes a unique
approach to integrating unikernel
optimizations into the Linux
kernel without changing its
ecosystem. UKL does this by
providing an interface that allows
a single application to link
directly with the kernel,
thusimproving performance while
retaining compatibility with
hardware and the tools.

5. Challenges with Traditional Operating Systems
Overheads in performance : This involves many context switches and system calls
that slow the operation.
Security Vulnerabilities: The bigger the codebases, the greater the attack surface area.
Inefficiency of resources: Resource waste due to excessive usage of memory and CPU
by the OS for unused features.
Compatibility Constraints: It is not easy to adapt to new environments.

6. What are Unikernels?
• Definition: Specialized, single-purpose OS environments
that include only necessary components for a specific
application.
• Characteristics:
• Minimal OS functionality compiled directly with the application.
• Single-address-space design reduces overhead but also
introduces unique challenges.

7. Unikernel Architecture
• Single Address Space: Eliminates
context-switching overhead but poses
security challenges.
• Library OS Design: Each application
includes only the necessary OS
libraries, unlike traditional OS that
supports multiple applications.
• Immutable Deployment: Unikernels
are deployed as fixed binaries,
enhancing security but limiting
runtime updates.

9. Motivations for
Unikernels
• Resource Optimization:
Streamlined components
reduce memory and CPU
demands.
• Performance
Improvements: Faster boot
times, lower latency.
• Security: Reduced attack
surfaces due to minimal
functionality and
immutable design.

10. Efficiency Benefits
Reduced Memory
Footprint:
Only essential libraries
are included, reducing
size.
Fast Boot Times:
Start-up time is in
milliseconds, ideal for
scaling and serverless
computing.
Lower CPU Overhead:
Single-address-space
design avoids
user/kernel transitions,
maximizing CPU
efficiency.

11. Security Enhancements
Minimal Attack Surface: Fewer services and libraries
mean fewer potential vulnerabilities.
Single Address Space: Reduces complexity but requires
careful management of security risks.
Immutable Binaries: Static images prevent runtime
modifications, enhancing security but limiting update
flexibility.

13. Flexibility and Modularity
• Microservice Oriented: Each unikernel instance serves a
single purpose that fits modular architectures.
• Scalability: Each unikernel can scale independently based
on demand. This is ideal for cloud-native environments.
• Serverless Compatibility: Lightweight, fast-boot
unikernels are well-suited for event-driven serverless
models.

14. Use Cases in Edge
and IoT
• Edge Computing: Small size and
efficiency are well-suited for
environments that have less resources.
• Real-Time Applications: Faster booting
and low latency support real-time
responsiveness for IoT.
• Security for Distributed Devices: Limited
attack surface makes unikernels ideal for
IoT devices vulnerable to cyber threats.

15. Unikernel Methodologies
• Overview: Unikernel implementation methods focus on
direct kernel linking and minimal OS functionality.
• Examples: UKL for integrating unikernels into Linux, and
Loupe for dynamic OS feature analysis.
• Goal: Optimize resource use and compatibility while
minimizing development complexity.

16. Loupe for Compatibility
• Dynamic Analysis: Identifies the minimal OS functionality required for
applications.
• System Call Prioritization: Implements only essential system calls,
reducing engineering overhead.
• Application Compatibility: Supports diverse applications, making
unikernel systems more versatile.

17. Practical Frameworks
Framework Language
Support
Target
Application Types
Strengths Limitations
MirageOS OCaml Network services,
web servers, IoT
Strong networking
support, high
performance
Limited language
support, steep
learning curve
IncludeOS C++ Cloud services,
network
applications
Lightweight, fast
boot time, minimal
OS footprint
Limited
documentation,
small community
OSv Java, C, C++ Cloud
infrastructure,
microservices
Optimized for JVM
workloads,
efficient scaling
JVM focus, limited
cross-language
support
UKL C, C++ Linux applications,
low-level systems
Direct application-
to-kernel linking,
Linux integration
Limited ecosystem,
less general-
purpose

18. Unikernel Challenges
• Compatibility Issues: Limited support for existing
software ecosystems.
• Tooling and Debugging: Lack of development tools makes
unikernel debugging complex.
• Standardization: No standard framework for unikernel
development or orchestration.

19. Security Limitations
• Single Address Space: Lacks traditional user-kernel isolation,
increasing security risks.
• Limited Isolation: No separation between processes, creating
vulnerability if one process is compromised.
• Static Deployment: Immutable nature limits flexibility, complicating
security updates.

20. Future Directions
• Standardization and Interoperability: Developing a
standardized unikernel framework would improve adoption.
• Tooling Advancements: Enhanced debugging, monitoring,
and CI/CD integration for unikernels.
• Hybrid Models: Combining unikernels with containers to
leverage both technologies' strengths.

21. Practical Implications
Cloud and Data Centers:
Efficient resource use lowers
operational costs in data centers.
IoT and Edge:
Enables high-performance, secure
applications on resource-limited
devices.
Serverless and Microservices:
Ideal for serverless architectures due
to lightweight, fast-boot design.

22. Conclusion
• Unikernels represent a new turn in the design of operating systems, coming with
considerable advantages in resource efficiency, security, and modularity.
Reducing complex components to a minimum and deploying them for a single
purpose optimized performance and reduce potential vulnerabilities.
• Incredibly fast boot times and lightweight designs make unikernels really
popular for cloud-native, edge, and IoT applications. But compatibility, tooling,
and standardization challenges are formidable barriers to mainstream adoption.
• Ongoing research and development in these areas, along with the integration of
unikernels with existing technologies such as containers, may finally unlock their
full potential to reshape the future of OS architecture for modern computing.