Unicore is developing a toolkit to streamline the creation of unikernels, addressing challenges in application deployment in the DevOps era by enhancing efficiency, security, and ease of use. The toolkit includes tools for software decomposition, dependency analysis, automated builds, and performance optimization, aimed at simplifying unikernel development for various applications, including serverless computing and IoT. The project's objectives include improving market adoption of unikernels, reducing time-to-market for secure software, and ensuring optimized and validated applications run on lightweight virtual machines.

1. © 2019 UNICORE
UNICORE
A Common Code Base and Toolkit for Deployment of Applications
to Secure and Reliable Execution Environments
Technical Overview
March 2019

2. © 2019 UNICORE
The problem
• We are in DevOps era
• quickly developing, upgrading and deploying applications is at the core of the
new IT industry
• Software is more and more massively running on shared hardware
• efficiency but also need for isolation, lightweight sw image footprints,
fast boot, etc.
• Standard VMs can be heavy load (image size, excessive memory and
disk space, long boot time)
• Containers are faster, but offer poor isolation
UNIKERNELS (lightweight VM) can be the solution

3. © 2019 UNICORE
Unikernels‘ Potential
▌Fast instantiation, destruction and migration time
10s of milliseconds or less (and as little as 2.3ms)
(LigthVM [Manco SOSP 2017], Jitsu [Madhvapeddy, NSDI 2015])
▌Low memory footprint
Few MBs of RAM or less (ClickOS [Martins NSDI 2014])
▌High density
8k guests on a singlex86 server (LigthVM [Manco SOSP 2017])
▌High Performance
10-40Gbit/s throughput with a single guest CPU
(ClickOS [Martins NSDI 2014], Elastic CDNs [Kuenzer VEE 2017])
▌Reduced attack surface
Small trusted compute base
Strong isolation by hypervisor

4. © 2019 UNICORE
The (Big) Downside with Unikernels
• Today, each optimized unikernel is manually built
• Image build takes several months or longer
• Wash, rinse, repeat for each target application
• Need for significant expert resources on OS, computer systems, kernel, etc.

5. © 2019 UNICORE
UNICORE is developing tools to enable lightweight VM development to be as easy as
compiling an app for an existing OS
UNICORE will release an open‐source toolchain to enable secure and portable unikernel
development
•Developing unikernel based applications will be reduced to slight changes in the app Makefile, choosing from
a menu of available implementations for the required system functionality, and compiling the app
UNICORE can unleash the use of next generation of cloud computing services and
technologies
UNICORE in a nutshell

6. © 2019 UNICORE
Unicore Tool Ecosystem

7. © 2019 UNICORE
The Unicore Toolkit
• Decomposition tool to assist developers in breaking existing monolithic software
into smaller components.
• Dependency analysis tool to analyze existing, unmodified applications to
determine which set of libraries and OS primitives are absolutely necessary for
correct execution.
• Automatic build tool to match the requirements derived by the dependency
analysis tools to the available libraries constructed by the OS decomposition
tools.
• Verification tool to ensure that the functionality of the resulting, specialized
OS+application matches that of the application running on a standard OS. The
tools will also take care of ensuring software quality.
• Performance optimization tool to analyze the running specialized OS+application
and to use this information as input to the automatic build tools so that they can
generate even more optimized images.

8. © 2019 UNICORE
Project Objectives
Unikernel
toolchain
•Objective 1: Fine‐Grained OS Decomposition and Code Re‐use
•Objective 2: Automated, Multi‐platform Unikernel Construction
•Objective 3: Automated Unikernel Verification, Security and Safety
•Objective 4: Automated Unikernel Performance Optimization
Use
Cases
•Objective 5: Efficient Serverless Computing in Clouds
•Objective 6: Efficient and Secure NFV Deployment
•Objective 7: Privacy‐aware, Cheap IoT Platform Cloud Offloading
•Objective 8: Secure, Deterministic Smart Contracts
Impact
achievement
•Objective 9: Foster Market Adoption for Unikernels
•Objective 10: Time‐to‐Market Reduction for Secure
Software Development and Deployment

9. © 2019 UNICORE
Work breakdown
WP1: Project Management
WP6: Exploitation and Dissemination
H2020
projects
Open
source
WP2: Platform
Design and
Evaluation
WP3: Core
Implementation
WP4: Toolstack
Implementation
WP5: Unikernels in Practice
Serverless computing
– lambda services
Home
automation/IoT
NFV/MEC/RAN
virtualization
Smart contracts
Industrial
exploitation
dissemination

10. © 2019 UNICORE
UNICORE Use Case
Serverless Computing for novel cloud platforms
• Rationale: Current implementations of serverless computing platforms
either use containers (being thus insecure) or rely on full blown VMs which
makes them highly inefficient (e.g. Amazon EC2’s lambda services)
• Goal: Use UNICORE technology and APIs to enable novel serverless
computing
• Develop a lambda services offering based on UNICORE and execute trial in
Barcelona, providing services (web crawling and video transcoding functions) to
citizens and especially to the university and research community
• Integrate unikernels in PacketCloud, an edge serverless computing platform
developed by Correct Networks, and use UNICORE tools to develop a unikernel to
run lambda functions written in Node.js
• Target TRL: 7‐8

11. © 2019 UNICORE
UNICORE Use Case
Efficient, Secure Network Function Virtualization
• Rationale: The holy grail of a Network Function Virtualization (NFV) implementation is
the ability to dynamically provision network components, services and applications in a
matter of minutes rather than the weeks or months it takes to do so now
• Goal: With boot‐times in the order of milliseconds, unikernels will provide disrupting
NFV solutions
• Universal CPE. Use UNICORE tools to develop a footprint optimized virtual router (vCPE) and
micro‐services (such as DHCP servers, NAT or probes) running on lightweight virtual machines that
offer good performance, while offering strong isolation and tangible security guarantees
• Broadband Network Gateway for wired Internet access. Upgrade from a monolithic approach
using Linux on the Broadband Network Gateway (BNG) to one with unikernel VMs with each
Point‐to‐Point Protocol over Ethernet (PPPoE) session running in a separate unikernel VM
(disaggregated BNG)
• Wireless 5G vRAN NFV Clusters. Ports 4G and 5G control plane (Layer 3) vRAN VNFs to Unikernels
to target real world 5G testbeds. Additionally, MEC apps and user plane VNFs will be experimented
evaluated for similar commercial deployments
• Target TRL: 8

12. © 2019 UNICORE
UNICORE Use Case
Internet of Things
• Rationale: Offloading IoT platform controllers to the cloud is not a new
area, yet valid privacy concerns raised by clouds run in different
jurisdictions hamper offloading, forcing IoT systems to install hardware in
the home to control IoT devices, and reducing economic efficiency
• Goal: Migrate to unikernels a selected set of application services from
commercial “digital living” platforms currently deployed in VMs and
containers
• Symphony IoT platform by Nextworks. Use UNICORE tools to develop unikernels for
home and building automation, data storage and analytics, media services and
voice/video communications.
• Use PacketCloud serverless computing functions to develop a proof‐of‐concept IoT
controller
• Target TRL: 7

13. © 2019 UNICORE
UNICORE Use Case
Smart Contracts
• Rationale: The main challenges for smart contracts in a blockchain
environment are ensuring deterministic execution support because all
participants need to be able to verify the result of a smart contract; safe
running of untrusted code, to avoid security issues on the nodes involved in
the system; and handling the interaction between smart contracts
• Goal: Migrate to unikernels a selected set of application services from
commercial “digital living” platforms currently deployed in VMs and
containers
• Create a permissioned blockchain called skipchain that includes precompiled smart
contracts, but that lacks so far the possibility to run smart contracts provided by the
users.
• Target TRL: 7

14. © 2019 UNICORE
Consortium
Symbolic execution,
deterministic execution,
NFV use case
Project Coordinator
Host infrastructure in
support of unikernels
(containers, VMs)
WP4 leader
Microlibraries, build
system, performance tools
Technical Coordinator &
WP3 leader
Deterministic execution
support, smart contracts
use case
Testbeds/infrastructure,
tools integration,
serverless use case
WP2 leader
Microlibraries, APIs,
security primitives,
performance tool
System reqs, NFV
use case (5G vRAN)
Systems security and
safety primitives
Home automation/IoT
use case
WP6 leader
NFV use cases,
industrial exploitation NFV use case
Serverless /
IoT use cases

15. © 2019 UNICORE
Comments?
Questions? www.linkedin.com/groups/8752067
info@unicore-project.eu
@unicore_project
This project has received funding from the European
Union's Horizon 2020 research and innovation
programme under grant agreement No 825377